[927] in linux-security and linux-alert archive


Re: [linux-security] about in.identd

daemon@ATHENA.MIT.EDU (Elliot Lee)
Thu Jul 18 15:25:52 1996

Date: Thu, 18 Jul 1996 14:34:34 -0400 (EDT)
From: Elliot Lee <sopwith@redhat.com>
To: Jordy <jordy@newport.thirdwave.net>
cc: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>,
        linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.94.960718021743.21594B-100000@newport.thirdwave.net>

On Thu, 18 Jul 1996, Jordy wrote:

> > 
> > auth            113/tcp         ident           # User Verification
> 
> i have a very simple question. why does identd even need to be running as
> root? you don't need root permissions to look up who owns a port, and there
> are a few other programs that inetd spawns that bind to ports under 1024
> that don't run as root [systat comes to mind]. 
> 
> so why run it as root? are we just asking for trouble?

Most ident implementations need sys/kmem group permissions to find out who
owns a port. For example, on Solaris /bin/netstat is setGID 

On Linux that is not the case, however (netstat is not set*ID) -
an identd specifically for Linux should probably be written.

\\\| Elliot Lee                 |\\\    ||  "Claim to fame":
 \\\| Red Hat Software           |\\\   ||  What else?
  \\\| <sopwith@redhat.com>       |\\\  ||  http://www.redhat.com/
   \\\| Webmaster, Programmer, etc |\\\ ||
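
Added example (not part of the original message, and not code from any identd): on a current Linux kernel, /proc/net/tcp is world-readable and lists the owning UID of each socket, so an ident (RFC 1413) lookup needs neither root nor a kmem group. The sample table, addresses and function names are constructed for illustration, the sample assumes a little-endian host, and the reply carries the numeric UID rather than a user name.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0071 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1302 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:8C3E 0501A8C0:0019 01 00000000:00000000 00:00000000 00000000  1000        0 4410 1 0000000000000000 20 4 30 10 -1
"""

TCP_ESTABLISHED = 0x01  # value of the "st" column for an established connection

def _endpoint(field):
    """Decode 'HEXADDR:HEXPORT'; the address is a 32-bit word in host byte order."""
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))  # little-endian host
    return addr, int(port_hex, 16)

def owner_uid(table, local_port, remote_port, remote_addr):
    """Return the UID owning the established connection to remote_addr, or None."""
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 8 or int(f[3], 16) != TCP_ESTABLISHED:
            continue                             # listeners and half-open sockets
        (_, lport), (raddr, rport) = _endpoint(f[1]), _endpoint(f[2])
        if (lport, rport, raddr) == (local_port, remote_port, remote_addr):
            return int(f[7])                     # "uid" column
    return None

def ident_reply(table, query, peer_addr):
    """Answer an RFC 1413 query 'local-port, remote-port' received from peer_addr."""
    try:
        lport, rport = (int(p) for p in query.split(","))
    except ValueError:
        return "0, 0 : ERROR : INVALID-PORT"
    if not (1 <= lport <= 65535 and 1 <= rport <= 65535):
        return f"{lport}, {rport} : ERROR : INVALID-PORT"
    # Only answer for connections whose far end is the host that is asking.
    uid = owner_uid(table, lport, rport, peer_addr)
    if uid is None:
        return f"{lport}, {rport} : ERROR : NO-USER"
    return f"{lport}, {rport} : USERID : UNIX : {uid}"
```

On a live host, pass open("/proc/net/tcp").read() as the table. Matching the remote address against the querying peer keeps a host from asking about connections that are not its own.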
