Oh, here's the scenario : I imagine a few of you are familiar with IRC - there's a network of servers talking to each other, and listening for client and server connections. Currently the defacto port is 6667. But there's a growing movement to change this to 194, which will magically add 'accountability', 'responsibility' and 'respectability' to IRC. (how effective this would be has been beaten to death on the IRC mailing lists with no apparant answer.) In any event, there's two ways that ircd can be made to bind to this priviledged port - by running it setuid root (it gives up root priviledges right after binding to the port) (of course, I don't think that's a very likely solution - few people trust IRC to start with, and even fewer would trust it to be setuid root) or by starting it from inetd with a line like this : ircd stream tcp wait dougmc /home/dougmc/ircd/ircd ircd \-i (apparantly even this doesn't always work, but that's not my question either.) My question is this: I own /home/dougmc/ircd/ircd, so I can change it in any way I want. Is it possible to alter it in such a way that it takes this open fd to port 194 and abuses it, perhaps uses it to spoof a rlogin or rsh? If so, this isn't the great idea that people thought it was. If not, well it was just a thought. -- Doug McLaren, dougmc@graphite.comco.com