Bugtraq mailing list archives
Re: Is starting a user program on priv port via inetd dangerous ?
From: gtoal () an-teallach com (Graham Toal)
Date: Fri, 22 Jul 1994 14:15:02 +0100
> My question is this: I own /home/dougmc/ircd/ircd, so I can change it in any way I want. Is it possible to alter it in such a way that it takes this open fd to port 194 and abuses it, perhaps uses it to spoof a rlogin or rsh?

No, but what is theoretically possible is that someone could use ircd to run arbitrary programs as the irc user. Even if you run it as a special user and in a chroot shell, there's a small possibility of abuse... for instance, say you run nntpd and have some private local groups you don't want exported, then if someone ran a proxy nntp port bouncer, they could access your local groups because the call would appear to be from a local user rather than the real remote host.

However, if the rest of your system is set up properly, what you suggest above is no more dangerous than giving strangers a guest shell. If you allow outsiders on your machine anyway, it shouldn't be a problem. If you think your machine is only ever used by trusted insiders, it could be a problem.

G
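An audit for the setup the question describes, as an added example that is not part of the original post: it flags inetd.conf entries on privileged ports (below 1024) whose server program is not root-owned or is group- or world-writable, so an administrator can see which services hand a privileged socket to user-controlled code. The sample configuration, the services map and the names `audit_inetd` and `Finding` are constructed for illustration; only the ircd path and port 194 come from the post.

```python
import os
import stat
from collections import namedtuple

# Constructed sample data; only the ircd path and port 194 come from the post.
SAMPLE_SERVICES = {"ftp": 21, "irc": 194, "webcache": 8080}
SAMPLE_INETD_CONF = """\
# service type   proto wait   user   server                 args
ftp       stream tcp   nowait root   /usr/sbin/in.ftpd      in.ftpd
irc       stream tcp   nowait dougmc /home/dougmc/ircd/ircd ircd -i
webcache  stream tcp   nowait nobody /home/dougmc/bin/cache cache
daytime   stream tcp   nowait root   internal
"""

Finding = namedtuple("Finding", "service port run_as program reasons")


def audit_inetd(conf_text, services, stat_fn=os.stat):
    """Return a Finding for each privileged-port entry with a non-root-controlled program."""
    findings = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        # service, socket type, protocol, wait flag, user, server program, args...
        if len(fields) < 6 or fields[5] == "internal":
            continue
        service, run_as, program = fields[0], fields[4], fields[5]
        port = int(service) if service.isdigit() else services.get(service)
        if port is None or port >= 1024:
            continue  # unknown service or unprivileged port: out of scope here
        reasons = []
        try:
            st = stat_fn(program)
        except OSError:
            reasons.append("cannot stat program")
        else:
            if st.st_uid != 0:
                reasons.append(f"owned by uid {st.st_uid}, not root")
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                reasons.append("group- or world-writable")
        if reasons:
            findings.append(Finding(service, port, run_as, program, reasons))
    return findings


if __name__ == "__main__":
    # Runs against the constructed sample; on a real host pass the contents of
    # /etc/inetd.conf and a map built from /etc/services instead.
    for f in audit_inetd(SAMPLE_INETD_CONF, SAMPLE_SERVICES):
        print(f"{f.service} (port {f.port}, runs as {f.run_as}): {f.program}: {'; '.join(f.reasons)}")
```

The check looks only at the program file itself; a writable parent directory lets the file be replaced just as easily, so a fuller audit would walk each path component as well.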