|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: ANNOUNCE: secure identd v0.3
Wietse Venema (wietse
PORCUPINE.ORG)Tue, 15 Sep 1998 13:17:33 -0400
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Bay Networks Technical Support: "Re: Annex DoS"
- Previous message: David Luyer: "Re: Dump a mode --x--x--x binary on Linux 2.0.x"
- In reply to: Paul Boehm: "ANNOUNCE: secure identd v0.3"
- Next in thread: Paul Boehm: "Re: ANNOUNCE: secure identd v0.3"
Paul Boehm:
> Umh,
>
> all those mails about identd security scared me.. so i wrote a small perl
> identd server called sidentd which does the basic portpair to uid mapping
> (of course only by hosts involved in the connection) and allows users to set
> fake ident replys by editing /var/identd/their_numerical_uid... That's it...
> it doesn't execute external programs, it can't be overflowed(perl, remember).
local $in = <STDIN>;
This will not overflow, but in return for that, it will cause the
program to consume arbitrary amounts of memory. How many sident
processes does it take to run the machine out of swap space? On
some systems one sident process will suffice, on others as many as
swap/rlimit.
Suggested fix: read a fixed-size read buffer from the network. No
reasonable ident query needs to be longer than a couple bytes for
the two port numbers. When used in the right place, fixed-size
buffers are beneficial to security.
Wietse
- Next message: Bay Networks Technical Support: "Re: Annex DoS"
- Previous message: David Luyer: "Re: Dump a mode --x--x--x binary on Linux 2.0.x"
- In reply to: Paul Boehm: "ANNOUNCE: secure identd v0.3"
- Next in thread: Paul Boehm: "Re: ANNOUNCE: secure identd v0.3"