[937] in linux-security and linux-alert archive


Re: [linux-security] about in.identd

daemon@ATHENA.MIT.EDU (Ian Jackson)
Sat Jul 20 20:06:29 1996

Date: Fri, 19 Jul 96 22:50 BST
From: Ian Jackson <ian@chiark.chu.cam.ac.uk>
To: Alan Cox <alan@cymru.net>
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199607182004.VAA22344@snowcrash.cymru.net>

Alan Cox writes ("Re: [linux-security] about in.identd"):
> > root? you don't need root permissions to lookup who owns a port, and there
> > are a few other programs that inetd spawns that bind to ports under 1024
> > that don't run as root [systat comes to mind]. 
> > 
> > so why run it as root? are we just asking for trouble?
> 
> I guess for history reasons (most identds dive into the kmem) - we have
> /proc so it seems we should run it as nobody

impren:~> grep ident /etc/inetd.conf | expand -1
ident  stream tcp nowait nobody /usr/sbin/identd identd -i
impren:~>

This is how Debian sets it up by default.

Ian.

[REW: So we should all go out and edit our inetd.conf files. While
you're at it, I suggest that you also disable services such as "systat"
and "netstat". Make sure that the UID you run your services as really
exists. Otherwise the "change uid to xxx" may fail and it might run as
root anyway.

We're also agreed (I hope) on the fact that "identd" running as root
has nothing to do with the original breakin report.]
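As an added example (not code from this post, from Debian or from inetd itself), a small Python audit of the two points above: a constructed inetd.conf and passwd fragment are checked for services that still run as root and for user fields that name no existing account, the case where the uid change could fail.

```python
# Constructed inetd.conf fragment; the ident line mirrors the Debian default above.
SAMPLE_INETD_CONF = """\
# /etc/inetd.conf (constructed sample)
ident   stream tcp nowait nobody  /usr/sbin/identd identd -i
systat  stream tcp nowait root    /usr/sbin/tcpd   /bin/ps -auwwx
netstat stream tcp nowait nobody  /usr/sbin/tcpd   /bin/netstat -f inet
finger  stream tcp nowait fingerd /usr/sbin/tcpd   /usr/sbin/in.fingerd
daytime stream tcp nowait root    internal
"""

# Constructed /etc/passwd fragment: 'fingerd' is deliberately missing.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
"""

def parse_inetd_conf(text):
    """Return (service, user, server) per active line.
    Fields: service socket_type proto wait|nowait[.max] user[.group|:group] server [args]."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 6:
            continue                           # blank or malformed; inetd would reject it
        entries.append((fields[0], fields[4], fields[5]))
    return entries

def passwd_users(passwd_text):
    """Set of login names in a passwd-format text."""
    return {l.split(":", 1)[0] for l in passwd_text.splitlines() if l and l[0] != "#"}

def audit_inetd(conf_text, passwd_text):
    """Return (service, user, problem) for entries running as root or as an unknown user.
    A user inetd cannot resolve is the case REW warns about: the uid change may
    fail and the service may end up running as root anyway."""
    known = passwd_users(passwd_text)
    findings = []
    for service, user, _server in parse_inetd_conf(conf_text):
        name = user.split(".", 1)[0].split(":", 1)[0]  # strip optional group suffix
        if name == "root":
            findings.append((service, name, "runs as root"))
        elif name not in known:
            findings.append((service, name, "user not in passwd"))
    return findings

if __name__ == "__main__":
    for service, user, problem in audit_inetd(SAMPLE_INETD_CONF, SAMPLE_PASSWD):
        print(f"{service}: {problem} ({user})")
```

On a real host, feed it the contents of /etc/inetd.conf and /etc/passwd (or `getent passwd` output) instead of the constructed samples.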
