Re: Is starting a user program on priv port via inetd dangerous ?
matthew green (mrg@mame.mu.OZ.AU)
Fri, 22 Jul 1994 15:57:31 +1000
[ ... ]
>A quick perusal of (4.3BSD) inetd shows that it forks, the child
>gets setuid & setgid to the user that ircd is supposed
>to run as (dougmc in this case), and exec()d. Doesn't
>look too bad, but I just glanced at the code, and I couldn't
>say if any other version of UNIX doesn't do something dumb in inetd.
i don't think you understood what doug was asking. i think running
ircd from inetd this was is "safe" in the context doug was talking
about - i don't think you can connect() out from a socket that is
passed to a process from inetd(), as inetd() has already done the
accept(), etc.
i'd have to write a test case to be sure, though.
>So, if there's a hole in ircd, it could cetainly be exploited as dougmc
>but probably not as root. So it's probably not much worse than
>regular port 6667 in that respect.
it would be extremely hard for ircd to have a bug that would give
you anything but the chance of a denial of service attack. it
just don't interact with unix (except to write a log file, perhaps),
besides using the tcp (and udp) layers. last i checked, ircd exited
almost immediately if you ran it as root, or as suid root.
>It's still a pretty stupid idea, but you're already ware of that.
what, running an ircd, or running an ircd from inetd?
.mrg.