[icecast] Funky password mount point error for liveice and ic ecast - PLZ HL P!

David Kramer DKramer at reflect.com
Wed Feb 18 17:47:55 PST 2004



Pete - Thanks for the hack, I've gone in an adjusted the necessary
lines(Even though my C is REALLY rusty, cut and paste to the rescue), I
re-compiled the source, so hopefully things will work once I get home to
test.  You mentioned that I shouldnt use this for a Public Production
server, is there any other security measures I can take to override this
exploit? I had planned on running it public, but maybe not anymore.   Im
jail root'd and will have the files locked down. Thoughts?

DK 

> -----Original Message-----
> From: Pete Flaherty [mailto:pjf at cape.com]
> Sent: Wednesday, February 18, 2004 5:09 PM
> To: icecast at xiph.org
> Subject: RE: [icecast] Funky password mount point error for 
> liveice and
> ic ecast - PLZ HL P!
> 
> 
> I managed to get liveice working. It has to do with the new icecast2
> security. I've included a 'Hack' to bypass the need for the source to
> use the username. Basically they all have a username (internally to
> Icecast) of 'source'
> 
> I really think the new authentication mechanism is a plus, 
> But the rest
> of the world not quite bleeding has its drawbacks too.
> 
> I read somewhere that there sill be an option to set the username to
> whatever you want ( and hope 'null' is an option for backwards
> compatability). 
> 
> I believe this will work, mine did, but I was really busy hacking
> several other things that night I may have missed someting...
> icecast2 - letme-in hack
>  MRU 20040124 V0.3  pjf at cape.com Pete Flaherty
> 
> This hack is for the connections.c source file, and will make the
> username 'source'
> Icecast2 requires the use of a username password pair for
> authentication. 
> 
> Many sources at this poing (eg xmms liveice ) do not supply 
> any type of
> username, 
>  and if they do it is not set to 'source'. This hack willl force the
> username to 'source'
>  without regaurd for what the source program is telling it.
>  
> -- WARNING -- This hack bypasses a small part of the icecast2 
> security,
> and is not
>  recommended for public production servers. Tightening of security to
> only allow
>  specific IPs to stream to the server is encouraged.
> 
> Reference the hacked version is from CVS as of Jan 24 2004, 
> though this
> should be 
>  applicable to most icecast2 source code.
>  
> You will need to compile source code to make a working icecast server 
> 
> Bypass hack lines                                 | Original source
> lines
> --------------------                              |
> ---------------------
> //if(mountinfo->username)                         |            
> if(mountinfo->username)
>     mountinfo->username = "source";               |           
>       user
> = mountinfo->username                                         
>          ;
>     user = "source" ;                             |             break;
> break;                                            <
> On Wed, 2004-02-18 at 19:45, David Kramer wrote:
> > OH MAN THANK YOU!!! I have been pulling my hair trying to 
> get this $hit to
> > work for weeks now.  What other DSPs do you recommend 
> instead of LiveIce?
> > Either that or when do you expect the patch to be released?
> > 
> > Thank you so much!!!
> > 
> > DK
> > 
> > > -----Original Message-----
> > > From: Michael Smith [mailto:msmith at xiph.org]
> > > Sent: Wednesday, February 18, 2004 4:35 PM
> > > To: icecast at xiph.org
> > > Subject: Re: [icecast] Funky password mount point error for 
> > > liveice and
> > > icecast - PLZ HL P!
> > > 
> > > 
> > > On Thursday 19 February 2004 10:51, David Kramer wrote:
> > > > Im running in a chroot'd environment:
> > > >
> > > > RH 9.0
> > > > lame-3.93.1
> > > > icecast-2.0.0
> > > > LiveIcePatched-1.0.0
> > > > xmms-1.2.7
> > > >
> > > 
> > > Liveice uses an old protocol which isn't supported in icecast2. 
> > > I hacked together a patch the other day to make liveice work, 
> > > someone is 
> > > putting that together with the intent to release an update to 
> > > liveice with 
> > > proper support.
> > > 
> > > Mike
> > > 
> > > --- >8 ----
> > > List archives:  http://www.xiph.org/archives/
> > > icecast project homepage: http://www.icecast.org/
> > > To unsubscribe from this list, send a message to 
> > > 'icecast-request at xiph.org'
> > > containing only the word 'unsubscribe' in the body.  No 
> > > subject is needed.
> > > Unsubscribe messages sent to the list will be ignored/filtered.
> > > 
> > --- >8 ----
> > List archives:  http://www.xiph.org/archives/
> > icecast project homepage: http://www.icecast.org/
> > To unsubscribe from this list, send a message to 
> 'icecast-request at xiph.org'
> > containing only the word 'unsubscribe' in the body.  No 
> subject is needed.
> > Unsubscribe messages sent to the list will be ignored/filtered.
> -- 
> -Pete
> pjf at cape.com
> http://vsa.cape.com/~pjf
> http://www.mraudrey.net
> 
> --- >8 ----
> List archives:  http://www.xiph.org/archives/
> icecast project homepage: http://www.icecast.org/
> To unsubscribe from this list, send a message to 
> 'icecast-request at xiph.org'
> containing only the word 'unsubscribe' in the body.  No 
> subject is needed.
> Unsubscribe messages sent to the list will be ignored/filtered.
> 
--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.



More information about the Icecast mailing list