On Fri, Aug 31, 2001 at 11:44:42AM +0200, Martin F Krafft wrote: > > okay, i give you that, but still, i have yet to encounter one sensibly > good use for ident. any shots? i already posted it in another message. > > why not? in most cases they will know anyway because most services > > either must run as root, or not, if its a nonroot service what the > > actual username is really isn't useful nor important. > > well, while my named runs may run as user bind and my proftpd as user > proftpd and my apache as www-data, there are *plenty* of people who > run these things as root. it's nice to determine first whether named > is running as root before cracking it... rubbish, if the admin is incompetent enough to be running these things as root he will have a cracked box regardless of whether identd is running or not. and all the zillions of bind exploit attempts i get, they are NEVER preceeded by ident queries. your line of reasoning here is completly flawed. > that's one of the many other parts of being security-concious... there is such a thing as going overboard with irrlevant minutia. my isp recently thought it would be a good idea to make /home unreadable by all its users for `security' reasons, of course this makes everyones shell puke when it cannot properly ascertain the pwd so they seem to have changed thier minds on this. (that and cat /etc/passwd will reveal everything ls -l /home would) -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgplqfX6TfV_W.pgp
Description: PGP signature