Date:	Mon, 14 Sep 1998 23:19:07 +0200
From:	Paul Boehm <pb@INSECURITY.NET>
Subject:      ANNOUNCE: secure identd v0.3
To:	BUGTRAQ@NETSPACE.ORG

Umh,

all those mails about identd security scared me.. so i wrote a small perl
identd server called sidentd which does the basic portpair to uid mapping
(of course only by hosts involved in the connection) and allows users to set
fake ident replies by editing /var/identd/their_numerical_uid... That's it...
it doesn't execute external programs, it can't be overflowed (perl, remember).

Currently it only works under systems with Linux-like /proc/net/tcp.

You can get it from http://insecurity.net/sidentd.gz !

it's very short and I'm pretty sure with that minimal untrusted data
and data handling routines it's impossible to do anything to perl
in any way...

IMO sidentd is a good alternative to all existing
identd's, not only because it's more secure and smaller, but also 'cause it
has more features. Output of sidentd is identical to the popular
pidentd with the -e option enabled. It even knows most of its command-line
options (-o,-t,-n).

Notice to all people that downloaded development versions (prior to 0.3):
better fetch the new version, it's faster, better and has more features :)
(like disallowing certain bad faked idents (e.g. root))

Please refrain from flaming how bad it is to use perl for daemons,
that discussion occurred on bugtraq quite some time ago.
IMO the only problem with perl is that it's a bit slower.

bye,
    pb

--

[ Paul S. Boehm | paul@boehm.priv.at | http://paul.boehm.org/ | infected@irc ]

      Linux is like a wigwam - no windows, no gates, apache inside!
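
The port-pair lookup described in the announcement, sketched as an added example in Python; it is not sidentd's Perl code and is not from the author. It assumes a little-endian host for the `/proc/net/tcp` address encoding, models the per-uid fake-reply files as a `fakes` dict, returns the numeric uid when no fake is set, and runs on a constructed table.

```python
import socket
import struct

# Constructed sample in Linux /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0071 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A00000A:C350 0200000A:1A0B 01 00000000:00000000 00:00000000 00000000  1000        0 1002
   2: 0A00000A:C351 0300000A:0019 01 00000000:00000000 00:00000000 00000000     0        0 1003
"""
DISALLOWED_FAKES = {"root"}  # assumption: the post names root as its only example

def _decode(endpoint):
    """'0200000A:1A0B' -> ('10.0.0.2', 6667); assumes a little-endian host."""
    addr_hex, port_hex = endpoint.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16))), int(port_hex, 16)

def lookup_uid(table, querier_ip, local_port, remote_port):
    """Return the owning uid, but only if the querier is the connection's remote end."""
    for line in table.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 8 or fields[3] != "01":  # 01 = ESTABLISHED
            continue
        (_, lport), (rip, rport) = _decode(fields[1]), _decode(fields[2])
        if (lport, rport, rip) == (local_port, remote_port, querier_ip):
            return int(fields[7])
    return None

def answer(table, querier_ip, query, fakes=None):
    """Build an RFC 1413 reply line. `fakes` maps uid -> user-chosen ident string."""
    try:
        local_port, remote_port = (int(p) for p in query.split(","))
    except ValueError:
        return "0 , 0 : ERROR : INVALID-PORT"
    pair = f"{local_port} , {remote_port}"
    if not (1 <= local_port <= 65535 and 1 <= remote_port <= 65535):
        return f"{pair} : ERROR : INVALID-PORT"
    uid = lookup_uid(table, querier_ip, local_port, remote_port)
    if uid is None:
        return f"{pair} : ERROR : NO-USER"
    fake = (fakes or {}).get(uid)
    # A fake reply is used only if it is a plain token and not a disallowed name.
    if fake and fake.isalnum() and fake.lower() not in DISALLOWED_FAKES:
        return f"{pair} : USERID : UNIX : {fake}"
    return f"{pair} : USERID : UNIX : {uid}"
```

A host that is not the remote end of the queried connection gets `NO-USER`, so the daemon cannot be used to enumerate which uid owns an arbitrary socket.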