fakeidentd: not dropping privileges in standalone-mode
Dominik Geyer
dominik.geyer at gmx.de
Mon Aug 11 14:56:19 UTC 2008
On Monday 11 August 2008 16:28, you wrote:
> >> > What about an ENABLE_FEATURE_FAKEIDENTD_SETUID config-option which optionally
> >> > allows to drop privileges to a specified uid/gid?
> >>
> >> For what purpose? Do you see any way fakeidentd
> >> can be compromised?
> >
> > No, I don't. Even the code is quite trivial, I don't have a good feeling running such services
> > as root. I considered this just as a precaution.
> >
> > In the original (?) fakeidentd <http://www.guru-group.fi/~too/sw/releases/identd.c>
> > there was an overflow-bug (<https://www.sans.org/newsletters/sac/sac2_31.php>).
>
> Use "tcpsvd -u <user>:<group> 0 113 fakeidentd -i" then.
>
That's a good compromise/solution, I'll use this one. Thank you!
--
Dominik
More information about the busybox
mailing list