Bugtraq mailing list archives
Re: Is starting a user program on priv port via inetd dangerous ?
From: mrg () mame mu OZ AU (matthew green)
Date: Fri, 22 Jul 1994 15:57:31 +1000
[ ... ]
> A quick perusal of (4.3BSD) inetd shows that it forks, the child gets setuid & setgid to the user that ircd is supposed to run as (dougmc in this case), and exec()d. Doesn't look too bad, but I just glanced at the code, and I couldn't say if any other version of UNIX doesn't do something dumb in inetd.
i don't think you understood what doug was asking. i think running ircd from inetd this way is "safe" in the context doug was talking about - i don't think you can connect() out from a socket that is passed to a process from inetd(), as inetd() has already done the accept(), etc. i'd have to write a test case to be sure, though.
> So, if there's a hole in ircd, it could certainly be exploited as dougmc but probably not as root. So it's probably not much worse than regular port 6667 in that respect.
it would be extremely hard for ircd to have a bug that would give you anything but the chance of a denial of service attack. it just don't interact with unix (except to write a log file, perhaps), besides using the tcp (and udp) layers. last i checked, ircd exited almost immediately if you ran it as root, or as suid root.
> It's still a pretty stupid idea, but you're already aware of that.
what, running an ircd, or running an ircd from inetd?
.mrg.
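A test case of the kind mentioned in the message above, as an added example that is not part of the original post: it accepts one TCP connection (standing in for the socket inetd hands its child) and reports what a plain connect() and bind() return on that descriptor on the system where it is run. Loopback, an ephemeral port and the name `reuse_accepted_socket` are assumptions so it runs unprivileged.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum { TRY_CONNECT, TRY_BIND };

/* Accept one loopback TCP connection (standing in for the socket inetd
 * hands its child), then try to reuse the accepted descriptor.
 * Returns the errno of the attempted call, 0 if it succeeded, or -1 if
 * the setup itself failed. Loopback and an ephemeral port are
 * assumptions so this runs without root. */
int reuse_accepted_socket(int op)
{
    struct sockaddr_in lsn, any;
    socklen_t len = sizeof lsn;
    int l = socket(AF_INET, SOCK_STREAM, 0);   /* "inetd" listener */
    int c = socket(AF_INET, SOCK_STREAM, 0);   /* remote client    */
    int a = -1, result = -1;

    memset(&lsn, 0, sizeof lsn);
    lsn.sin_family = AF_INET;
    lsn.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    any = lsn;                                 /* 127.0.0.1, port 0 */

    if (l >= 0 && c >= 0 &&
        bind(l, (struct sockaddr *)&lsn, sizeof lsn) == 0 &&
        listen(l, 1) == 0 &&
        getsockname(l, (struct sockaddr *)&lsn, &len) == 0 &&
        connect(c, (struct sockaddr *)&lsn, sizeof lsn) == 0)
        a = accept(l, NULL, NULL);             /* what the child inherits */

    if (a >= 0) {
        int rc = (op == TRY_CONNECT)
            ? connect(a, (struct sockaddr *)&lsn, sizeof lsn)
            : bind(a, (struct sockaddr *)&any, sizeof any);
        result = (rc == 0) ? 0 : errno;
    }
    if (a >= 0) close(a);
    if (c >= 0) close(c);
    if (l >= 0) close(l);
    return result;
}

int main(void)
{
    printf("connect() on accepted socket: %s\n",
           strerror(reuse_accepted_socket(TRY_CONNECT)));
    printf("bind() on accepted socket: %s\n",
           strerror(reuse_accepted_socket(TRY_BIND)));
    return 0;
}
```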