Date: Mon, 14 Sep 1998 23:19:07 +0200
From: Paul Boehm <pb@INSECURITY.NET>
Subject: ANNOUNCE: secure identd v0.3
To: BUGTRAQ@NETSPACE.ORG

Umh, all those mails about identd security scared me.. so I wrote a small perl identd server called sidentd which does the basic portpair to uid mapping (of course only by hosts involved in the connection) and allows users to set fake ident replies by editing /var/identd/their_numerical_uid...

That's it... it doesn't execute external programs, it can't be overflowed (perl, remember). Currently it only works under systems with a Linux-like /proc/net/tcp.

You can get it from http://insecurity.net/sidentd.gz ! It's very short and I'm pretty sure with that minimal untrusted data and data handling routines it's impossible to do anything to perl in any way...

IMO sidentd is a good alternative to all existing identds, not only because it's more secure and smaller but also 'cause it has more features. Output of sidentd is identical to the popular pidentd with the -e option enabled. It even knows most of its command-line options (-o, -t, -n).

Notice to all people that downloaded development versions (prior to 0.3): better fetch the new version, it's faster, better and has more features :) (like disallowing certain bad faked idents (e.g. root))

Please refrain from flaming about how bad it is to use perl for daemons, that discussion occurred on bugtraq quite some time ago. IMO the only problem with perl is that it's a bit slower.

bye,
pb

--
[ Paul S. Boehm | email@example.com | http://paul.boehm.org/ | infected@irc ]
Linux is like a wigwam - no windows, no gates, apache inside!
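Added example, not part of the original post and not sidentd's own code: a sketch of the port-pair to uid lookup over a Linux-style /proc/net/tcp table, answering only when the asking host is the remote end of the connection. The function names and the sample table are constructed for illustration; it assumes the table came from a little-endian host and replies with the numeric uid.

```python
import socket
import struct

# Constructed sample in Linux /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0071 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0000000000000000 100 0 0 10 0
   1: 0A00000A:C350 0B00000A:1A0B 01 00000000:00000000 00:00000000 00000000  1000        0 1002 1 0000000000000000 20 4 30 10 -1
   2: 0A00000A:C351 0C00000A:0019 01 00000000:00000000 00:00000000 00000000  1001        0 1003 1 0000000000000000 20 4 30 10 -1
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_ip, port); assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def lookup_uid(table, local_port, remote_port, peer_ip):
    """Return the owning uid only if the connection's remote end is the asking host."""
    for line in table.splitlines()[1:]:          # skip the column header
        cols = line.split()
        if len(cols) < 8:
            continue
        _, lport = decode_endpoint(cols[1])
        rip, rport = decode_endpoint(cols[2])
        # A third party asking about someone else's connection never matches.
        if (lport, rport, rip) == (local_port, remote_port, peer_ip):
            return int(cols[7])                  # column 7 is the socket owner's uid
    return None

def answer(query, peer_ip, table=SAMPLE_PROC_NET_TCP):
    """Build an RFC 1413 reply line for a 'local , remote' query sent by peer_ip."""
    try:
        local_port, remote_port = (int(p) for p in query.split(","))
    except ValueError:                           # non-numeric or wrong field count
        return "0 , 0 : ERROR : INVALID-PORT"
    if not (1 <= local_port <= 65535 and 1 <= remote_port <= 65535):
        return f"{local_port} , {remote_port} : ERROR : INVALID-PORT"
    uid = lookup_uid(table, local_port, remote_port, peer_ip)
    if uid is None:
        return f"{local_port} , {remote_port} : ERROR : NO-USER"
    return f"{local_port} , {remote_port} : USERID : UNIX : {uid}"
```
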