Bugtraq mailing list archives

Re: Is starting a user program on priv port via inetd dangerous ?

From: gtoal () an-teallach com (Graham Toal)
Date: Fri, 22 Jul 1994 14:15:02 +0100


        My question is this: I own /home/dougmc/ircd/ircd, so I can change it
        in any way I want.  Is it possible to alter it in such a way that it
        takes this open fd to port 194 and abuses it, perhaps uses it to spoof
        a rlogin or rsh?

No, but what is theoretically possible is that someone could use ircd
to run arbitrary programs as the irc user.  Even if you run it as a special
user and in a chroot shell, there's a small possibility of abuse... for
instance, say you run nntpd and have some private local groups you don't
want exported, then if someone ran a proxy nntp port bouncer, they could
access your local groups because the call would appear to be from a local
user rather than the real remote host.

However, if the rest of your system is set up properly, what you suggest
above is no more dangerous than giving strangers a guest shell.  If you
allow outsiders on your machine anyway, it shouldn't be a problem.  If
you think your machine is only ever used by trusted insiders, it could
be a problem.

G

Current thread:

Re: Is starting a user program on priv port via inetd dangerous ?, (continued)
- - - Re: Is starting a user program on priv port via inetd dangerous ? Darren Reed (Jul 22)
    - Re: Is starting a user program on priv port via inetd dangerous ? jmc () gnu ai mit edu (Jul 22)
    - yes, there's another hole in BIND Paul A Vixie (Jul 21)
    - Re: yes, there's another hole in BIND Resident Hacker (Jul 22)
    - Re: yes, there's another hole in BIND Paul A Vixie (Jul 22)
    - Re: yes, there's another hole in BIND Perry E. Metzger (Jul 22)
    - Re: yes, there's another hole in BIND Pat Myrto (Jul 22)
    - Re: yes, there's another hole in BIND David Barr (Jul 22)
    - Re: yes, there's another hole in BIND Joe Hentzel (Jul 22)
    - *PLEASE* shut up Dave Sill (Jul 22)
    - Re: Is starting a user program on priv port via inetd dangerous ? Graham Toal (Jul 22)
    - Re: Sending escape sequences to xterms via wall/talk jmc () gnu ai mit edu (Jul 20)
    - root name server corruption, denial of service prob Mark (Jul 21)
    - Re: root name server corruption, denial of service prob Mark Kosters (Jul 21)
- Re: Wall and talkd pass binary data Paul Robinson (Jul 20)
  - Re: Escape sequences (was Wall and talkd pass binary data) Bruce Barnett (Jul 20)
- Re: Wall and talkd pass binary data Richard Huddleston (Jul 20)
  - Re: Wall and talkd pass binary data G.J.W. Hagenaars (Jul 20)
- Re: Wall and talkd pass binary data a.e.mossberg (Jul 21)
- Re: Wall and talkd pass binary data Paul Robinson (Jul 22)