Subject: Re: identd not responding (?)
To: None <neil@domino.org>
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
List: current-users
Date: 02/26/1996 01:33:48
> From: "Neil J. McRae" <neil@domino.org>
> Date: Sun, 25 Feb 1996 10:26:13 +0000
>
> Edit your /etc/inetd.conf and change the identd line to this:
> 
> ident           stream  tcp     wait    nobody.kmem /usr/libexec/identd identd -w -t60 -e -N

Isn't nobody.kmem an incredibly bad idea?  Nobody is supposed to be
the least privileged UID.  Potentially many users can run arbitrary
cgi-bin scripts or whatever as nobody.  And yet now you let any such
user read /dev/kmem by ptracing identd.

I think root would actually be much safer than nobody.kmem.  If you
don't trust the ident code enough to run as root, then at least choose
any other uid EXCEPT nobody.

David
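
Added example, not part of the original message: a small audit that scans inetd.conf text and flags the combination objected to above, a service run as the shared "nobody" uid together with the kmem group. The sample file is constructed, the "identd" account in it is a hypothetical dedicated uid, and the parser assumes user names contain no '.' or ':'.

```python
# Added example: audit inetd.conf for a shared low-privilege uid paired with a
# privileged group, the combination the message above objects to.

SHARED_USERS = {"nobody"}      # uid that unrelated, untrusted code also runs as
SENSITIVE_GROUPS = {"kmem"}    # group named in the thread; extend as an assumption

# Constructed sample. Line 2 is the entry quoted in the thread; the "identd"
# account on line 4 is a hypothetical dedicated uid.
SAMPLE = """\
# constructed sample inetd.conf
ident   stream  tcp  wait    nobody.kmem  /usr/libexec/identd  identd -w -t60 -e -N
finger  stream  tcp  nowait  nobody       /usr/libexec/fingerd fingerd
ident   stream  tcp  wait    identd:kmem  /usr/libexec/identd  identd -w -t60 -e -N
"""


def split_user(field):
    """Split the inetd user field into (user, group); group is None if absent.

    Accepts both user.group and user:group, and drops a trailing /login-class.
    Assumes user names themselves contain no '.' or ':'.
    """
    field = field.split("/", 1)[0]
    for sep in (":", "."):
        if sep in field:
            user, group = field.split(sep, 1)
            return user, group or None
    return field, None


def audit(text):
    """Return a list of (line_no, service, user, group) for risky entries."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:          # service type proto wait user program
            continue
        user, group = split_user(fields[4])
        if user in SHARED_USERS and group in SENSITIVE_GROUPS:
            findings.append((line_no, fields[0], user, group))
    return findings


if __name__ == "__main__":
    for line_no, service, user, group in audit(SAMPLE):
        print(f"line {line_no}: {service} runs as {user} with group {group}")
```

Only the nobody.kmem entry is reported; the same service under a dedicated uid with the kmem group is not, matching the advice to use any uid except nobody.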