On Thu, 16 Apr 1998, William T Wilson wrote:

> On Thu, 16 Apr 1998, Ed Jaeger wrote:
> 
> > In looking through the logs this morning on our firewall/masquerade box I
> > found the following:
> 
> Ident is harmless, but I heard unsubstantiated rumors that ident has a
> remote root exploit in it.  One thing that I DID confirm was that ident is

Oh? Where was this heard? I've looked at the code for hassles before, but
could always have another peep.

> not run through tcpd in many default configurations, so you should change
> the ident line in /etc/inetd.conf to use tcpd like the rest of the
> services, just to be safe.  (Then the worst that could happen would be a
> remote access hole, which is pretty harmless in most cases).

Er, from inetd.conf on this RedHat box:

auth   stream  tcp     nowait    nobody    /usr/sbin/in.identd in.identd -l -e -o

I don't _think_ I changed this inetd.conf from its default so as you can
see it doesn't run as root per default. That would be silly of course.

Also note you probably _don't_ want tcp_wrappers involved in identd
connections as you risk (with the wrong tcp_wrappers options) starting a
never ending loop of identd lookups between two servers.

On a similar topic...

finger  stream  tcp     nowait  root    /usr/sbin/tcpd  in.fingerd

Not too sensible, eh? Despite the fact the fingerd code drops permissions
early and has carefully audited code. On some systems fingerd runs as root
so it can read .plan etc. if they have bad permissions -- but this merely
creates inconsistency between local finger and remote finger.

Cheers
Chris


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
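The two inetd.conf lines above are exactly the kind of thing worth checking mechanically: which services still run as root, and which of those go through tcpd. The script below is an added example (not code from the thread or from Red Hat) that audits inetd.conf-format text; the sample configuration is constructed, modelled on the auth and finger lines quoted above plus one extra line.

```shell
#!/bin/sh
# Constructed sample inetd.conf (not a real system file); fields are
# service, socket type, protocol, wait/nowait, user, server program, args.
SAMPLE_INETD_CONF='# service  type    proto  wait    user    server               args
auth       stream  tcp    nowait  nobody  /usr/sbin/in.identd  in.identd -l -e -o
finger     stream  tcp    nowait  root    /usr/sbin/tcpd       in.fingerd
telnet     stream  tcp    nowait  root    /usr/sbin/tcpd       in.telnetd
'

# audit_inetd reads inetd.conf-format text on stdin and prints one line per
# service: "<service> user=<user> wrapped=<yes|no> flag=<ok|ROOT>".
# wrapped=yes means the server program field is tcpd, i.e. tcp_wrappers sees
# the connection before the real daemon does.
audit_inetd() {
    awk '
        $0 ~ /^[ \t]*#/ || NF < 6 { next }   # skip comments, blank and malformed lines
        {
            user = $5; server = $6
            wrapped = (server ~ /\/tcpd$/) ? "yes" : "no"
            flag = (user == "root") ? "ROOT" : "ok"
            printf "%s user=%s wrapped=%s flag=%s\n", $1, user, wrapped, flag
        }'
}

# count_root_services prints how many services are configured to run as root,
# whether or not tcpd wraps them (tcpd only filters who may connect; it does
# not lower the privilege the daemon itself is started with).
count_root_services() {
    audit_inetd | grep -c 'flag=ROOT' || true
}

# Stand-alone run against the constructed sample:
printf '%s' "$SAMPLE_INETD_CONF" | audit_inetd
```

On a real box, feed it `/etc/inetd.conf` instead of the sample; any `flag=ROOT` line is a candidate for a dedicated unprivileged user, as the auth line above already does with `nobody`.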