[icecast] A few Newbie Questions

Michael Faurot mfaurot at atww.org
Sun Feb 25 20:03:41 UTC 2001



In article <983130226.25873 at phzzzt.atww.org> you wrote:

: 1) With regards to the recent buffer-overflow exploit and the
: recommendation of running icecast as a non-root user, how exactly does
: one do that?

I do it via "su".  I use a pseudo user named "ice" and have this in a
shell program that starts icecast:

        exec su --login -c "/usr/local/icecast/bin/icecast" ice &

NOTE: root needs to run this, so it won't be prompted for a password.
Once run, the icecast process itself will be owned by user "ice".

: I've compiled icecast with both encryption and tcp_wrappers enabled.
: I've added to my /etc/hosts.deny file the line
[...]
: I believe that those files however are readable only by root

They shouldn't be.  Generally /etc/hosts.allow and /etc/hosts.deny have
permissions of 644 and owned by user root and group root.  This will be
fine if icecast is run as an unprivileged user as it only needs to be
able to read those files--not write or modify them.


-- 
------------------------------------------------------------------------------
 Michael | mfaurot  | You have the power to influence all with whom you come
 Faurot  | atww.net | in contact.
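
A preflight for the start script described in the message above, as an added example that is not part of the original post or the icecast project: it refuses to launch unless it is invoked by root, the "ice" account exists, and the tcp_wrappers files are world-readable but not group- or world-writable. The function names are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example. ICE_USER and ICE_BIN are the values from the post;
# mode_ok, check_wrapper_file and start_icecast are hypothetical helper names.
ICE_USER="ice"
ICE_BIN="/usr/local/icecast/bin/icecast"

# True if an octal mode string (e.g. 644) lets "other" read the file
# and lets neither group nor other write it.
mode_ok() {
    m=$1
    other=${m#"${m%?}"}              # last octal digit
    rest=${m%?}
    group=${rest#"${rest%?}"}        # second-to-last octal digit
    group=${group:-0}
    [ $(( $other & 4 )) -ne 0 ] && [ $(( $other & 2 )) -eq 0 ] &&
        [ $(( $group & 2 )) -eq 0 ]
}

# check_wrapper_file PATH [OWNER_UID]; the owner defaults to root (uid 0).
check_wrapper_file() {
    want_uid=${2:-0}
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    mode=$(stat -c '%a' "$1") || return 1     # GNU stat assumed
    uid=$(stat -c '%u' "$1") || return 1
    mode_ok "$mode" || { echo "$1: mode $mode, expected 644" >&2; return 1; }
    [ "$uid" -eq "$want_uid" ] ||
        { echo "$1: owner uid $uid, expected $want_uid" >&2; return 1; }
}

start_icecast() {
    # su only skips the password prompt when the caller is root.
    [ "$(id -u)" -eq 0 ] || { echo "must be run by root" >&2; return 1; }
    id "$ICE_USER" >/dev/null 2>&1 ||
        { echo "no such user: $ICE_USER" >&2; return 1; }
    for f in /etc/hosts.allow /etc/hosts.deny; do
        check_wrapper_file "$f" || return 1
    done
    # Same su invocation as in the post; the server runs as $ICE_USER.
    su --login -c "$ICE_BIN" "$ICE_USER" &
}

# Only launches when called as: sh this-script start
if [ "${1:-}" = "start" ]; then
    start_icecast
fi
```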
