Bugtraq mailing list archives
Re: ANNOUNCE: secure identd v0.3
From: wietse () PORCUPINE ORG (Wietse Venema)
Date: Tue, 15 Sep 1998 13:17:33 -0400
Paul Boehm:
Umh, all those mails about identd security scared me.. so i wrote a small perl identd server called sidentd which does the basic portpair to uid mapping (of course only by hosts involved in the connection) and allows users to set fake ident replys by editing /var/identd/their_numerical_uid... That's it... it doesn't execute external programs, it can't be overflowed(perl, remember).
local $in = <STDIN>; This will not overflow, but in return for that, it will cause the program to consume arbitrary amounts of memory. How many sident processes does it take to run the machine out of swap space? On some systems one sident process will suffice, on others as many as swap/rlimit. Suggested fix: read a fixed-size read buffer from the network. No reasonable ident query needs to be longer than a couple bytes for the two port numbers. When used in the right place, fixed-size buffers are beneficial to security. Wietse
Current thread:
- ANNOUNCE: secure identd v0.3 Paul Boehm (Sep 14)
- Re: ANNOUNCE: secure identd v0.3 Booker Bense (Sep 15)
- Re: ANNOUNCE: secure identd v0.3 Wietse Venema (Sep 15)
- Re: ANNOUNCE: secure identd v0.3 Paul Boehm (Sep 15)
- Re: ANNOUNCE: secure identd v0.3 Taral (Sep 16)
- Re: ANNOUNCE: secure identd v0.3 Wietse Venema (Sep 16)
- Re: ANNOUNCE: secure identd v0.3 Kragen (Sep 17)