[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#95818: libpgsql2.1: should not depend on ident-server

>>>>> "Oliver" == Oliver Elphick <olly@lfix.co.uk> writes:

    Oliver> It is indeed the case that ident is needed to allow local
    Oliver> access without a password.  I understand that this
    Oliver> presents a small security risk on the server.  However,
    Oliver> without it, it is necessary for the postgres
    Oliver> administrator's database password to be held in clear in
    Oliver> some file, so that the automatic clean-up processes will
    Oliver> be able to operate.

Could be a disaster on some systems. I think same ident servers, like
oidentd, allow individual users to customise their own responses:


       -s     Allow identd reply spoofing. In order  for  a  non-
              root  user  to spoof its identd reply, the username
              must be listed in /etc/identd.spoof.   The  spoofed
              reply   can   optionally   be   specified   in  the
              /etc/identd.spoof   file.     For    example,    if
              "user:string"  were  an entry in /etc/identd.spoof,
              any successful lookups for "user" would  result  in
              the reply "string" being returned.  If the reply is
              not specified in the  /etc/identd.spoof  file,  the
              spoofed  reply will be read from an .ispoof file in
              the user's home directory. If a user is not allowed
              to  spoof identd replies or there is an error read­
              ing the .ispoof file,  if  the  -r  flag  has  been
              passed to identd, a randomized identd reply will be
              returned. If  not,  the  user's  username  will  be
              returned.  Non-root  users  are  allowed  to  spoof
              identd replies on ports greater than 1023. Non-root
              users  may spoof identd replies on all ports if the
              -A option is specified.

       -S     Same as '-s' but allow all users  to  spoof  identd
              replies  except  for  those  users  listed  in  the
              /etc/identd.spoof file.


              File containing username to return when oidentd  is
              run with the -s flag.

[note: the above requires careful reading; in order to enable non-root
spoofing you have to pass -s *and* put the user in the
/etc/identd.spoof file *without* a reply; -S is different]

This isn't something I like (read: hate), but I am bringing it up
because it could be a serious security hole when used by programs like
Brian May <bam@debian.org>

Reply to: