Paul Boehm: > Umh, > > all those mails about identd security scared me.. so i wrote a small perl > identd server called sidentd which does the basic portpair to uid mapping > (of course only by hosts involved in the connection) and allows users to set > fake ident replys by editing /var/identd/their_numerical_uid... That's it... > it doesn't execute external programs, it can't be overflowed(perl, remember). local $in = <STDIN>; This will not overflow, but in return for that, it will cause the program to consume arbitrary amounts of memory. How many sident processes does it take to run the machine out of swap space? On some systems one sident process will suffice, on others as many as swap/rlimit. Suggested fix: read a fixed-size read buffer from the network. No reasonable ident query needs to be longer than a couple bytes for the two port numbers. When used in the right place, fixed-size buffers are beneficial to security. Wietse
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:16:27 PDT