Bugtraq mailing list archives

Re: ANNOUNCE: secure identd v0.3

From: wietse () PORCUPINE ORG (Wietse Venema)
Date: Tue, 15 Sep 1998 13:17:33 -0400


Paul Boehm:

Umh,

all those mails about identd security scared me.. so i wrote a small perl
identd server called sidentd which does the basic portpair to uid mapping
(of course only by hosts involved in the connection) and allows users to set
fake ident replys by editing /var/identd/their_numerical_uid... That's it...
it doesn't execute external programs, it can't be overflowed(perl, remember).


  local $in = <STDIN>;

This will not overflow, but in return for that, it will cause the
program to consume arbitrary amounts of memory. How many sident
processes does it take to run the machine out of swap space? On
some systems one sident process will suffice, on others as many as
swap/rlimit.

Suggested fix: read a fixed-size read buffer from the network.  No
reasonable ident query needs to be longer than a couple bytes for
the two port numbers. When used in the right place, fixed-size
buffers are beneficial to security.

        Wietse

Current thread:

ANNOUNCE: secure identd v0.3 Paul Boehm (Sep 14)
- Re: ANNOUNCE: secure identd v0.3 Booker Bense (Sep 15)
- Re: ANNOUNCE: secure identd v0.3 Wietse Venema (Sep 15)
  - Re: ANNOUNCE: secure identd v0.3 Paul Boehm (Sep 15)
  - Re: ANNOUNCE: secure identd v0.3 Taral (Sep 16)
    - Re: ANNOUNCE: secure identd v0.3 Wietse Venema (Sep 16)
    - Re: ANNOUNCE: secure identd v0.3 Kragen (Sep 17)