[927] in linux-security and linux-alert archive
Re: [linux-security] about in.identd
daemon@ATHENA.MIT.EDU (Elliot Lee)
Thu Jul 18 15:25:52 1996
Date: Thu, 18 Jul 1996 14:34:34 -0400 (EDT)
From: Elliot Lee <sopwith@redhat.com>
To: Jordy <jordy@newport.thirdwave.net>
cc: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>,
linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.94.960718021743.21594B-100000@newport.thirdwave.net>
On Thu, 18 Jul 1996, Jordy wrote:
> >
> > auth 113/tcp ident # User Verification
>
> i have a very simple question. why does identd even need to be running as
> root? you don't need root permissions to lookup who owns a port, and there
> are a few other programs that inetd spawns that bind to ports under 1024
> that don't run as root [systat comes to mind].
>
> so why run it as root? are we just asking for trouble?
Most ident implementations need sys/kmem group permissions to find out who
owns a port. For example, on Solaris /bin/netstat is setGID.
On Linux that is not the case, however (netstat is not set*ID) -
an identd specifically for Linux should probably be written.
\\\| Elliot Lee |\\\ || "Claim to fame":
\\\| Red Hat Software |\\\ || What else?
\\\| <sopwith@redhat.com> |\\\ || http://www.redhat.com/
\\\| Webmaster, Programmer, etc |\\\ ||