Pidentd is a popular and widely used identd daemon. I have conducted some tests recently and I was able to crash (segfault) the standalone daemon by sending "A" x 1000 to the listening port. Pidentd author has anticipated buffer overflows and therefore included code that constructs a call to abort() and syslog when it notices an overflow. Since Pidentd is started by root, and forks to uid nobody, I would assume the process run as nobody should construct the segfault, send an error to syslog, and the parent process should spawn another child. However, the root process is killed as well. The author may claim this is a feature, but I find it unacceptable for any root owned process to quit just from being sent a large amount of data. Version tested is Pidentd, version 3.1a14 Ryan Sweat h3xm3at_private
This archive was generated by hypermail 2b30 : Fri Apr 20 2001 - 08:36:00 PDT