Doug McLaren wrote:
>
> Oh, here's the scenario :
>
> I imagine a few of you are familiar with IRC - there's a network of
> servers talking to each other, and listening for client and server
> connections.
>
> Currently the de facto port is 6667. But there's a growing movement to
> change this to 194, which will magically add 'accountability',
> 'responsibility' and 'respectability' to IRC. (how effective this
> would be has been beaten to death on the IRC mailing lists with no
> apparent answer.)
[..]
> ircd stream tcp wait dougmc /home/dougmc/ircd/ircd ircd -i
>
> (apparently even this doesn't always work, but that's not my question
> either.)
>
> My question is this: I own /home/dougmc/ircd/ircd, so I can change it
> in any way I want. Is it possible to alter it in such a way that it
> takes this open fd to port 194 and abuses it, perhaps uses it to spoof
> a rlogin or rsh?

A quick perusal of (4.3BSD) inetd shows that it forks, the child gets setuid & setgid to the user that ircd is supposed to run as (dougmc in this case), and exec()d. Doesn't look too bad, but I just glanced at the code, and I couldn't say if any other version of UNIX doesn't do something dumb in inetd.

So, if there's a hole in ircd, it could certainly be exploited as dougmc but probably not as root. So it's probably not much worse than regular port 6667 in that respect.

It's still a pretty stupid idea, but you're already aware of that.

--
ericm
ericm@microunity.com
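
The step the reply describes for the forked child (change group, change user, then exec) as an added C example with every call checked; it is not 4.3BSD inetd's source or code posted in this thread, and the function name `drop_privs` is an assumption.

```c
/* Added example (not inetd's source): drop from root to a service account
 * before exec(), with every call checked and the result verified. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. Returns 0 once the process runs as uid/gid with no
 * way back to root, -1 otherwise. On -1 the caller must _exit() instead of
 * exec()ing the service. */
int drop_privs(uid_t uid, gid_t gid)
{
    /* Only root may change the supplementary group list; reset it first so
     * root's groups do not ride along into the service. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group before user: after setuid() the gid can no longer be changed. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify the resulting ids instead of trusting return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* A non-root target must be unable to regain uid 0. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Demonstration only: "drop" to the ids we already have, then report
     * what a service exec()ed at this point would run as. */
    if (drop_privs(getuid(), getgid()) != 0) {
        perror("drop_privs");
        return 1;
    }
    printf("uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

An unchecked `setuid()` that fails leaves the child running as root, which is the "something dumb" case the reply is wary of.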