Bugtraq mailing list archives
Is starting a user program on priv port via inetd dangerous ?
From: dougmc () graphite comco com (Doug McLaren)
Date: Thu, 21 Jul 1994 13:42:08 -0500 (CDT)
Oh, here's the scenario : I imagine a few of you are familiar with IRC - there's a network of servers talking to each other, and listening for client and server connections. Currently the defacto port is 6667. But there's a growing movement to change this to 194, which will magically add 'accountability', 'responsibility' and 'respectability' to IRC. (how effective this would be has been beaten to death on the IRC mailing lists with no apparant answer.) In any event, there's two ways that ircd can be made to bind to this priviledged port - by running it setuid root (it gives up root priviledges right after binding to the port) (of course, I don't think that's a very likely solution - few people trust IRC to start with, and even fewer would trust it to be setuid root) or by starting it from inetd with a line like this : ircd stream tcp wait dougmc /home/dougmc/ircd/ircd ircd \-i (apparantly even this doesn't always work, but that's not my question either.) My question is this: I own /home/dougmc/ircd/ircd, so I can change it in any way I want. Is it possible to alter it in such a way that it takes this open fd to port 194 and abuses it, perhaps uses it to spoof a rlogin or rsh? If so, this isn't the great idea that people thought it was. If not, well it was just a thought. -- Doug McLaren, dougmc () graphite comco com
Current thread:
- Re: Wall and talkd pass binary data, (continued)
- Re: Wall and talkd pass binary data a.e.mossberg (Jul 20)
- Re: Wall and talkd pass binary data Martin Sean Bennet - Sun UK - CSG Engineer (Jul 20)
- Re: Sending escape sequences to xterms via wall/talk Mike Raffety (Jul 20)
- Re: Sending escape sequences to xterms via wall/talk Christopher A. Stewart (Jul 20)
- Re: Sending escape sequences to xterms via wall/talk Andrew Beckett (Jul 21)
- setuid root programs and core dumps Rob Quinn (Jul 21)
- Re: Sending escape sequences to xterms via wall/talk Paul Daw (Jul 21)
- Re: Sending escape sequences to xterms via wall/talk Evil Pete (Jul 21)
- Re: Sending escape sequences to xterms via wall/talk Christopher A. Stewart (Jul 21)
- Re: Sending escape sequences to xterms via wall/talk pluvius (Jul 22)
- Re: Sending escape sequences to xterms via wall/talk Mike Raffety (Jul 20)
- Is starting a user program on priv port via inetd dangerous ? Doug McLaren (Jul 21)
- Re: Is starting a user program on priv port via inetd dangerous ? Eric Murray (Jul 21)
- Re: Is starting a user program on priv port via inetd dangerous ? matthew green (Jul 21)
- Re: Is starting a user program on priv port via inetd dangerous ? Darren Reed (Jul 22)
- Re: Is starting a user program on priv port via inetd dangerous ? jmc () gnu ai mit edu (Jul 22)
- yes, there's another hole in BIND Paul A Vixie (Jul 21)
- Re: yes, there's another hole in BIND Resident Hacker (Jul 22)
- Re: yes, there's another hole in BIND Paul A Vixie (Jul 22)
- Re: yes, there's another hole in BIND Perry E. Metzger (Jul 22)
- Re: yes, there's another hole in BIND Pat Myrto (Jul 22)
- Re: yes, there's another hole in BIND David Barr (Jul 22)