[icecast] A few Newbie Questions
Andrew M. Wu
andrewwu at Princeton.EDU
Sun Feb 25 20:07:35 UTC 2001
Great - thank you for the info! =)
Will try out your suggestions.
Andrew
On Sun, 25 Feb 2001, Michael Faurot wrote:
> In article <983130226.25873 at phzzzt.atww.org> you wrote:
>
> : 1) With regards to the recent buffer-overflow exploit and the
> : recommendation of running icecast as a non-root user, how exactly does
> : one do that?
>
> I do it via "su". I use a pseudo user named "ice" and have this in a
> shell program that starts icecast:
>
> exec su --login -c "/usr/local/icecast/bin/icecast" ice &
>
> NOTE: root needs to run this, so it won't be prompted for a password.
> Once run, the icecast process itself will be owned by user "ice".
>
> : I've compiled icecast with both encryption and tcp_wrappers enabled.
> : I've added to my /etc/hosts.deny file the line
> [...]
> : I believe that those files however are readable only by root
>
> They shouldn't be. Generally /etc/hosts.allow and /etc/hosts.deny have
> permissions of 644 and owned by user root and group root. This will be
> fine if icecast is run as an unprivledged user as it only needs to be
> able to read those files--not write or modify them.
>
> --
> ------------------------------------------------------------------------------
> Michael | mfaurot | You have the power to influence all with whom you come
> Faurot | atww.net | in contact.
>
> --- >8 ----
> List archives: http://www.xiph.org/archives/
> icecast project homepage: http://www.icecast.org/
> To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
> containing only the word 'unsubscribe' in the body. No subject is needed.
> Unsubscribe messages sent to the list will be ignored/filtered.
>
--- >8 ----
List archives: http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Icecast
mailing list