Subject: Re: identd not responding (?)
To: None <email@example.com>
From: David Mazieres <firstname.lastname@example.org>
Date: 02/26/1996 01:33:48
> From: "Neil J. McRae" <email@example.com>
> Date: Sun, 25 Feb 1996 10:26:13 +0000
> Edit your /etc/inetd.conf and change the identd line to this:
> ident stream tcp wait nobody.kmem /usr/libexec/identd identd -w -t60 -e -N
Isn't nobody.kmem an incredibly bad idea? Nobody is supposed to be
the least privileged UID. Potentially many users can run arbitrary
cgi-bin scripts or whatever as nobody. And yet now you let any such
user read /dev/kmem by ptracing identd.
I think root would actually be much safer than nobody.kmem. If you
don't trust the ident code enough to run as root, then at least choose
any other uid EXCEPT nobody.
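
An audit for the configuration discussed in this message, added here as an example and not part of the original thread: it parses inetd.conf entries and reports any service that runs as a shared account while holding a sensitive group. The sets `SHARED_UIDS` and `SENSITIVE_GROUPS`, the `identd` account name and the sample file are assumptions constructed for illustration.

```python
import re

# Assumptions for this example: which accounts are shared by unrelated
# processes, and which groups grant access to kernel memory.
SHARED_UIDS = {"nobody"}
SENSITIVE_GROUPS = {"kmem"}

# inetd.conf owner field: user, optionally followed by .group or :group
OWNER_RE = re.compile(r"^([^.:]+)(?:[.:](.+))?$")

# Constructed sample: three alternative ident entries, not a real system's file.
SAMPLE = """\
# constructed sample
ident stream tcp wait nobody.kmem /usr/libexec/identd identd -w -t60 -e -N
ident stream tcp wait root /usr/libexec/identd identd -w -t60 -e -N
ident stream tcp wait identd:kmem /usr/libexec/identd identd -w -t60 -e -N
"""

def parse_entry(line):
    """Return the fields of one inetd.conf entry, or None if not an entry."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    if len(fields) < 6:          # service, socket, proto, wait, owner, program
        return None
    m = OWNER_RE.match(fields[4])
    if m is None:
        return None
    return {"service": fields[0], "user": m.group(1),
            "group": m.group(2), "program": fields[5]}

def audit(text):
    """List (line number, service, user, group) for shared-uid + sensitive-group entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if (entry and entry["user"] in SHARED_UIDS
                and entry["group"] in SENSITIVE_GROUPS):
            findings.append((lineno, entry["service"], entry["user"], entry["group"]))
    return findings

if __name__ == "__main__":
    for lineno, service, user, group in audit(SAMPLE):
        print(f"line {lineno}: {service} runs as shared uid '{user}' with group '{group}'")
```

Only the `nobody.kmem` entry is reported; the root entry and the dedicated-account entry pass this particular check.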