From: D. J. Bernstein (djbCR.YP.TO)
Date: Mon Jan 15 2001 - 16:01:17 CST

    Dan Harkless writes:
    > Theo de Raadt just informed me via email that OpenBSD fixed their identd to
    > only report SS_CONNECTOUT sockets in 1996.

    The MTA and the FTP server and many other daemons will make outgoing TCP
    connections upon request. This bogus ``fix'' does not achieve the stated
    goal of keeping the daemon usernames secret. Meanwhile, it wipes out
    useful logs for some portmap-style protocols. (Rare protocols, I agree.)

    The correct approach is to encrypt the uid under a secret key. This has
    been built into pidentd for years.

    ---Dan
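
The approach named in the message, returning the uid encrypted under a secret key rather than in the clear, sketched here as an added example; it is not part of the original message and is not pidentd's code. The token layout, the function names and the HMAC-SHA256 keystream with a truncated MAC are assumptions chosen so the sketch runs on the Python standard library alone, and all sample values are constructed.

```python
import base64, hashlib, hmac, os, struct

NONCE_LEN, TAG_LEN = 8, 16

def _subkey(key, label):
    # Separate encryption and MAC keys derived from the one site secret.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as the keystream (stand-in cipher).
    ks = b"".join(hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def _tag(key, body):
    return hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()[:TAG_LEN]

def seal_uid(key, uid, lport, rport, when):
    """Opaque token binding the uid to one connection and a timestamp."""
    nonce = os.urandom(NONCE_LEN)
    plain = struct.pack(">IIHH", when, uid, lport, rport)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plain)
    return base64.b64encode(nonce + ct + _tag(key, nonce + ct)).decode("ascii")

def ident_reply(key, uid, lport, rport, when):
    """RFC 1413 USERID reply; opsys OTHER marks a token, not a username."""
    token = seal_uid(key, uid, lport, rport, when)
    return f"{lport} , {rport} : USERID : OTHER : {token}\r\n"

def open_token(key, token):
    """Issuing site only: recover the record from a token in a remote log."""
    raw = base64.b64decode(token, validate=True)
    body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, body)):
        raise ValueError("token was not issued under this key")
    plain = _xor_stream(_subkey(key, b"enc"), body[:NONCE_LEN], body[NONCE_LEN:])
    when, uid, lport, rport = struct.unpack(">IIHH", plain)
    return {"when": when, "uid": uid, "lport": lport, "rport": rport}

if __name__ == "__main__":
    site_key = os.urandom(32)            # constructed; a real key is kept on disk
    line = ident_reply(site_key, 1001, 6193, 25, 979596077)  # constructed values
    print(line, end="")                  # what the remote site sees and logs
    print(open_token(site_key, line.rsplit(" : ", 1)[1].strip()))
```

The remote site logs only the token, so daemon and user names stay private, while the issuing site can still map a token quoted in a complaint back to a uid, connection and time.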