Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: ANNOUNCE: secure identd v0.3

Re: ANNOUNCE: secure identd v0.3

Paul Boehm (pbINSECURITY.NET)
Tue, 15 Sep 1998 20:56:58 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Luyer: "Re: Dump a mode --x--x--x binary on Linux 2.0.x"
Previous message: Casper Dik: "Re: Dump a mode --x--x--x binary on Linux 2.0.x"
In reply to: Wietse Venema: "Re: ANNOUNCE: secure identd v0.3"
Next in thread: Taral: "Re: ANNOUNCE: secure identd v0.3"

On Tue, Sep 15, 1998 at 01:17:33PM -0400, Wietse Venema wrote:
> This will not overflow, but in return for that, it will cause the
> program to consume arbitrary amounts of memory. How many sident
> processes does it take to run the machine out of swap space? On
> some systems one sident process will suffice, on others as many as
> swap/rlimit.

thanks for the report, i fixed that in 0.5 which is
available under http://insecurity.net/sidentd.tar.gz

ChangeLog since the last announced version:

# ChangeLog:
# v0.5 Sep 15 '98 - Reads only at most 20 chars from STDIN, then halfcloses the
#                   socket to prevent memory junkflooding,
#                                      (suggested by wietse venema)
#
# v0.4 Sep 15 '98 - Added security check for $uid (suggested by kevin vajk)
#                   Added char restriction to fakeunames,
#                   Added code to prevent users from faking other users.
#                   Added new commandline params for new features.
#                   Commandline args now toggle instead of set to fixed value.
#                   Checks for /proc/net/tcp and reports when incompatible.

with 0.5 sidentd no longer trusts anyone.. not even /proc,
so i think i can say it's stable now. (phew)

i'll add optional proxy-through identd support for masquerading hosts into
one of the next versions. sidentd will be renamed soon to "Sid" to prevent
naming confusions. the pidentd like DES support some people wanted seems
a bit far away, sorry... (or maybe there's a perl module for it.. gotta
look sometime)

bye,
    paul

PS: my english isn't as bad as the changelog suggests, i just tried to fit
    everything in one line.

PPS: check http://insecurity.net/ for newer versions from time to time.

--

[ Paul S. Boehm | paulboehm.priv.at | http://paul.boehm.org/ | infectedirc ]

      Linux is like a wigwam - no windows, no gates, apache inside!

Next message: David Luyer: "Re: Dump a mode --x--x--x binary on Linux 2.0.x"
Previous message: Casper Dik: "Re: Dump a mode --x--x--x binary on Linux 2.0.x"
In reply to: Wietse Venema: "Re: ANNOUNCE: secure identd v0.3"
Next in thread: Taral: "Re: ANNOUNCE: secure identd v0.3"