[icecast] A few Newbie Questions

Andrew M. Wu andrewwu at Princeton.EDU
Sun Feb 25 19:43:37 UTC 2001

Hi all,

I apologize for the following questions - some may be more general Linux
questions while others hopefully relate directly to Icecast:

1) With regards to the recent buffer-overflow exploit and the
recommendation of running icecast as a non-root user, how exactly does one
do that?  I've changed the UID and GUID of the icecast directory and files
and binaries to nobody, but what user should I be when starting the
icecast server (e.g. nobody or root)?  When I check the admins that are
connected it outputs:

  [Id: 0] [Host: icecast console] [Connected for: 8 seconds] [Commands
issued: 0] 
End of admin listing (1 listed)

Is the ID num of 0 to be a concern?

2) I was able to run the icecast server but when I tried to connect to it
with IceS the streamer gets kicked off with the following error:

[06/Feb/2001:01:44:50] [0:Main Thread] Kicking unknown 1 []
 Denied (tcp wrappers) [generic connection]], connected for 0 seconds

I've compiled icecast with both encryption and tcp_wrappers enabled.
I've added to my /etc/hosts.deny file the line

 icecast: ALL at ALL EXCEPT localhost
and to my /etc/hosts.allow file the line

 icecast: ALL at .princeton.edu

with the intent to allow only IP addresses within the Princeton domain
access to the server.

I believe that those files however are readable only by root; can i use
the ACL in place of those files then?

Furthermore, I've used mkpasswd (one not provided with the icecast
package; I actually couldn't locate mkpasswd.c in the src dir of the
tarball distribution) to create encrypted passwords for the encoder,
admin, and operator, which I then copied exactly and replaced the "hackme"
dummy passwords in icecast.conf.  So should the same text string that
mkpasswd outputted be used as the password parameter provided to the
streamer (e.g. IceS)?  

I'm running Icecast 1.3.7 and IceS 0.0.1beta5 on a PII 233 Mhz 128 Mb RAM
running Mandrake 7.0.

Any help and suggestions would be greatly appreciated,



--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.

More information about the Icecast mailing list