Bugtraq mailing list archives

Is starting a user program on priv port via inetd dangerous ?


From: dougmc () graphite comco com (Doug McLaren)
Date: Thu, 21 Jul 1994 13:42:08 -0500 (CDT)


Oh, here's the scenario :

I imagine a few of you are familiar with IRC - there's a network of
servers talking to each other, and listening for client and server
connections.

Currently the de facto port is 6667.  But there's a growing movement to
change this to 194, which will magically add 'accountability',
'responsibility' and 'respectability' to IRC.  (how effective this
would be has been beaten to death on the IRC mailing lists with no
apparent answer.)

In any event, there are two ways that ircd can be made to bind to this
privileged port - by running it setuid root (it gives up root
privileges right after binding to the port) (of course, I don't think
that's a very likely solution - few people trust IRC to start with,
and even fewer would trust it to be setuid root) or by starting it
from inetd with a line like this :

   ircd stream tcp wait dougmc /home/dougmc/ircd/ircd ircd -i

(apparently even this doesn't always work, but that's not my question
either.)

My question is this: I own /home/dougmc/ircd/ircd, so I can change it
in any way I want.  Is it possible to alter it in such a way that it
takes this open fd to port 194 and abuses it, perhaps uses it to spoof
an rlogin or rsh?

If so, this isn't the great idea that people thought it was.  If not,
well it was just a thought.

-- 
Doug McLaren, dougmc () graphite comco com
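
An added example, not part of the original post: a Python audit that reads classic inetd.conf syntax and flags entries like the one quoted above, where a non-root user is handed a socket on a port below 1024 and the server binary is not root-controlled. The sample configuration, the service-to-port map standing in for /etc/services, and the function names are constructed for illustration.

```python
import os
import stat

# Constructed sample: the first entry is the line quoted in the post,
# the second is a conventional root-run service for contrast.
SAMPLE_CONF = """\
# service  type  proto  wait  user  server  args
ircd stream tcp wait dougmc /home/dougmc/ircd/ircd ircd -i
ftp stream tcp nowait root /usr/sbin/ftpd ftpd -l
"""
# Constructed stand-in for /etc/services (194 is the port named in the post).
SAMPLE_PORTS = {"ircd": 194, "ftp": 21}


def parse_inetd(text):
    """Yield one dict per service line of classic inetd.conf syntax."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 6:
            continue  # blank, comment-only, or malformed line
        yield {
            "service": fields[0],
            "wait": fields[3].split(".")[0],  # handles the "wait.max" form
            "user": fields[4].replace(":", ".").split(".")[0],  # "user.group"
            "server": fields[5],
        }


def audit(text, ports, stat_fn=os.stat):
    """Return (service, port, user, server, reasons) for each risky entry."""
    findings = []
    for e in parse_inetd(text):
        port = ports.get(e["service"])
        if port is None or port >= 1024 or e["user"] == "root":
            continue
        reasons = ["non-root user %s is given a socket on privileged port %d"
                   % (e["user"], port)]
        if e["wait"] == "wait":
            reasons.append("wait: program receives the listening socket itself")
        try:
            st = stat_fn(e["server"])
            if st.st_uid != 0 or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                reasons.append("server binary can be replaced without root")
        except OSError:
            reasons.append("server binary not found")
        findings.append((e["service"], port, e["user"], e["server"], reasons))
    return findings
```

On a real host, pass the contents of /etc/inetd.conf and a map built from /etc/services; stat_fn defaults to os.stat and is injectable only so the check can be exercised without the files present.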


