[icecast] Funky password mount point error for liveice and ic ecast - PLZ HL P!
Pete Flaherty
pjf at cape.com
Thu Feb 19 02:24:24 UTC 2004
Wel It's a kinda standard disclaimer. Truth is I believe this is as
secure as Icecaast1x. But I didn't write the code, and can't be 100%
sure..... and of course needs testing.
Mine has been running for about 2 weeks now, so if nothing else it's
stable
-Pete
On Wed, 2004-02-18 at 20:47, David Kramer wrote:
> Pete - Thanks for the hack, I've gone in an adjusted the necessary
> lines(Even though my C is REALLY rusty, cut and paste to the rescue), I
> re-compiled the source, so hopefully things will work once I get home to
> test. You mentioned that I shouldnt use this for a Public Production
> server, is there any other security measures I can take to override this
> exploit? I had planned on running it public, but maybe not anymore. Im
> jail root'd and will have the files locked down. Thoughts?
>
> DK
>
> > -----Original Message-----
> > From: Pete Flaherty [mailto:pjf at cape.com]
> > Sent: Wednesday, February 18, 2004 5:09 PM
> > To: icecast at xiph.org
> > Subject: RE: [icecast] Funky password mount point error for
> > liveice and
> > ic ecast - PLZ HL P!
> >
> >
> > I managed to get liveice working. It has to do with the new icecast2
> > security. I've included a 'Hack' to bypass the need for the source to
> > use the username. Basically they all have a username (internally to
> > Icecast) of 'source'
> >
> > I really think the new authentication mechanism is a plus,
> > But the rest
> > of the world not quite bleeding has its drawbacks too.
> >
> > I read somewhere that there sill be an option to set the username to
> > whatever you want ( and hope 'null' is an option for backwards
> > compatability).
> >
> > I believe this will work, mine did, but I was really busy hacking
> > several other things that night I may have missed someting...
> > icecast2 - letme-in hack
> > MRU 20040124 V0.3 pjf at cape.com Pete Flaherty
> >
> > This hack is for the connections.c source file, and will make the
> > username 'source'
> > Icecast2 requires the use of a username password pair for
> > authentication.
> >
> > Many sources at this poing (eg xmms liveice ) do not supply
> > any type of
> > username,
> > and if they do it is not set to 'source'. This hack willl force the
> > username to 'source'
> > without regaurd for what the source program is telling it.
> >
> > -- WARNING -- This hack bypasses a small part of the icecast2
> > security,
> > and is not
> > recommended for public production servers. Tightening of security to
> > only allow
> > specific IPs to stream to the server is encouraged.
> >
> > Reference the hacked version is from CVS as of Jan 24 2004,
> > though this
> > should be
> > applicable to most icecast2 source code.
> >
> > You will need to compile source code to make a working icecast server
> >
> > Bypass hack lines | Original source
> > lines
> > -------------------- |
> > ---------------------
> > //if(mountinfo->username) |
> > if(mountinfo->username)
> > mountinfo->username = "source"; |
> > user
> > = mountinfo->username
> > ;
> > user = "source" ; | break;
> > break; <
> > On Wed, 2004-02-18 at 19:45, David Kramer wrote:
> > > OH MAN THANK YOU!!! I have been pulling my hair trying to
> > get this $hit to
> > > work for weeks now. What other DSPs do you recommend
> > instead of LiveIce?
> > > Either that or when do you expect the patch to be released?
> > >
> > > Thank you so much!!!
> > >
> > > DK
> > >
> > > > -----Original Message-----
> > > > From: Michael Smith [mailto:msmith at xiph.org]
> > > > Sent: Wednesday, February 18, 2004 4:35 PM
> > > > To: icecast at xiph.org
> > > > Subject: Re: [icecast] Funky password mount point error for
> > > > liveice and
> > > > icecast - PLZ HL P!
> > > >
> > > >
> > > > On Thursday 19 February 2004 10:51, David Kramer wrote:
> > > > > Im running in a chroot'd environment:
> > > > >
> > > > > RH 9.0
> > > > > lame-3.93.1
> > > > > icecast-2.0.0
> > > > > LiveIcePatched-1.0.0
> > > > > xmms-1.2.7
> > > > >
> > > >
> > > > Liveice uses an old protocol which isn't supported in icecast2.
> > > > I hacked together a patch the other day to make liveice work,
> > > > someone is
> > > > putting that together with the intent to release an update to
> > > > liveice with
> > > > proper support.
> > > >
> > > > Mike
> > > >
> > > > --- >8 ----
> > > > List archives: http://www.xiph.org/archives/
> > > > icecast project homepage: http://www.icecast.org/
> > > > To unsubscribe from this list, send a message to
> > > > 'icecast-request at xiph.org'
> > > > containing only the word 'unsubscribe' in the body. No
> > > > subject is needed.
> > > > Unsubscribe messages sent to the list will be ignored/filtered.
> > > >
> > > --- >8 ----
> > > List archives: http://www.xiph.org/archives/
> > > icecast project homepage: http://www.icecast.org/
> > > To unsubscribe from this list, send a message to
> > 'icecast-request at xiph.org'
> > > containing only the word 'unsubscribe' in the body. No
> > subject is needed.
> > > Unsubscribe messages sent to the list will be ignored/filtered.
> > --
> > -Pete
> > pjf at cape.com
> > http://vsa.cape.com/~pjf
> > http://www.mraudrey.net
> >
> > --- >8 ----
> > List archives: http://www.xiph.org/archives/
> > icecast project homepage: http://www.icecast.org/
> > To unsubscribe from this list, send a message to
> > 'icecast-request at xiph.org'
> > containing only the word 'unsubscribe' in the body. No
> > subject is needed.
> > Unsubscribe messages sent to the list will be ignored/filtered.
> >
> --- >8 ----
> List archives: http://www.xiph.org/archives/
> icecast project homepage: http://www.icecast.org/
> To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
> containing only the word 'unsubscribe' in the body. No subject is needed.
> Unsubscribe messages sent to the list will be ignored/filtered.
--
-Pete
pjf at cape.com
http://vsa.cape.com/~pjf
http://www.mraudrey.net
--- >8 ----
List archives: http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Icecast
mailing list