Re: Is starting a user program on priv port via inetd dangerous ?

Eric Murray (ericm@MicroUnity.com)
Thu, 21 Jul 94 16:39:37 MDT

Doug McLaren wrote:
> 
> Oh, here's the scenario :
> 
> I imagine a few of you are familiar with IRC - there's a network of
> servers talking to each other, and listening for client and server
> connections.
> 
> Currently the de facto port is 6667.  But there's a growing movement to
> change this to 194, which will magically add 'accountability',
> 'responsibility' and 'respectability' to IRC.  (how effective this
> would be has been beaten to death on the IRC mailing lists with no
> apparent answer.)

[..]
 
>    ircd stream tcp wait dougmc /home/dougmc/ircd/ircd ircd -i
> 
> (apparently even this doesn't always work, but that's not my question
> either.)
> 
> My question is this: I own /home/dougmc/ircd/ircd, so I can change it
> in any way I want.  Is it possible to alter it in such a way that it
> takes this open fd to port 194 and abuses it, perhaps uses it to spoof
> a rlogin or rsh?

A quick perusal of (4.3BSD) inetd shows that it forks, the child
gets setuid & setgid to the user that ircd is supposed
to run as (dougmc in this case), and exec()d.  Doesn't
look too bad, but I just glanced at the code, and I couldn't
say if any other version of UNIX doesn't do something dumb in inetd.

So, if there's a hole in ircd, it could certainly be exploited as dougmc
but probably not as root.  So it's probably not much worse than
regular port 6667 in that respect.

It's still a pretty stupid idea, but you're already aware of that.


--
     ericm         ericm@microunity.com