Bugtraq mailing list archives
Re: ANNOUNCE: secure identd v0.3
From: pb () INSECURITY NET (Paul Boehm)
Date: Tue, 15 Sep 1998 20:56:58 +0200
On Tue, Sep 15, 1998 at 01:17:33PM -0400, Wietse Venema wrote:
This will not overflow, but in return for that, it will cause the program to consume arbitrary amounts of memory. How many sident processes does it take to run the machine out of swap space? On some systems one sident process will suffice, on others as many as swap/rlimit.
thanks for the report, i fixed that in 0.5 which is available under http://insecurity.net/sidentd.tar.gz ChangeLog since the last announced version: # ChangeLog: # v0.5 Sep 15 '98 - Reads only at most 20 chars from STDIN, then halfcloses the # socket to prevent memory junkflooding, # (suggested by wietse venema) # # v0.4 Sep 15 '98 - Added security check for $uid (suggested by kevin vajk) # Added char restriction to fakeunames, # Added code to prevent users from faking other users. # Added new commandline params for new features. # Commandline args now toggle instead of set to fixed value. # Checks for /proc/net/tcp and reports when incompatible. with 0.5 sidentd no longer trusts anyone.. not even /proc, so i think i can say it's stable now. (phew) i'll add optional proxy-through identd support for masquerading hosts into one of the next versions. sidentd will be renamed soon to "Sid" to prevent naming confusions. the pidentd like DES support some people wanted seems a bit far away, sorry... (or maybe there's a perl module for it.. gotta look sometime) bye, paul PS: my english isn't as bad as the changelog suggests, i just tried to fit everything in one line. PPS: check http://insecurity.net/ for newer versions from time to time. -- [ Paul S. Boehm | paul () boehm priv at | http://paul.boehm.org/ | infected@irc ] Linux is like a wigwam - no windows, no gates, apache inside!
Current thread:
- ANNOUNCE: secure identd v0.3 Paul Boehm (Sep 14)
- Re: ANNOUNCE: secure identd v0.3 Booker Bense (Sep 15)
- Re: ANNOUNCE: secure identd v0.3 Wietse Venema (Sep 15)
- Re: ANNOUNCE: secure identd v0.3 Paul Boehm (Sep 15)
- Re: ANNOUNCE: secure identd v0.3 Taral (Sep 16)
- Re: ANNOUNCE: secure identd v0.3 Wietse Venema (Sep 16)
- Re: ANNOUNCE: secure identd v0.3 Kragen (Sep 17)