[icecast] Funky password mount point error for liveice and ic ecast - PLZ HL P!

Pete Flaherty pjf at cape.com
Wed Feb 18 18:24:24 PST 2004



Wel It's a kinda standard disclaimer.  Truth is I believe this is as
secure as Icecaast1x.  But I didn't write the code, and can't be 100%
sure..... and of course needs testing.

Mine has been running for about 2 weeks now, so if nothing else it's
stable

-Pete

On Wed, 2004-02-18 at 20:47, David Kramer wrote:
> Pete - Thanks for the hack, I've gone in an adjusted the necessary
> lines(Even though my C is REALLY rusty, cut and paste to the rescue), I
> re-compiled the source, so hopefully things will work once I get home to
> test.  You mentioned that I shouldnt use this for a Public Production
> server, is there any other security measures I can take to override this
> exploit? I had planned on running it public, but maybe not anymore.   Im
> jail root'd and will have the files locked down. Thoughts?
> 
> DK 
> 
> > -----Original Message-----
> > From: Pete Flaherty [mailto:pjf at cape.com]
> > Sent: Wednesday, February 18, 2004 5:09 PM
> > To: icecast at xiph.org
> > Subject: RE: [icecast] Funky password mount point error for 
> > liveice and
> > ic ecast - PLZ HL P!
> > 
> > 
> > I managed to get liveice working. It has to do with the new icecast2
> > security. I've included a 'Hack' to bypass the need for the source to
> > use the username. Basically they all have a username (internally to
> > Icecast) of 'source'
> > 
> > I really think the new authentication mechanism is a plus, 
> > But the rest
> > of the world not quite bleeding has its drawbacks too.
> > 
> > I read somewhere that there sill be an option to set the username to
> > whatever you want ( and hope 'null' is an option for backwards
> > compatability). 
> > 
> > I believe this will work, mine did, but I was really busy hacking
> > several other things that night I may have missed someting...
> > icecast2 - letme-in hack
> >  MRU 20040124 V0.3  pjf at cape.com Pete Flaherty
> > 
> > This hack is for the connections.c source file, and will make the
> > username 'source'
> > Icecast2 requires the use of a username password pair for
> > authentication. 
> > 
> > Many sources at this poing (eg xmms liveice ) do not supply 
> > any type of
> > username, 
> >  and if they do it is not set to 'source'. This hack willl force the
> > username to 'source'
> >  without regaurd for what the source program is telling it.
> >  
> > -- WARNING -- This hack bypasses a small part of the icecast2 
> > security,
> > and is not
> >  recommended for public production servers. Tightening of security to
> > only allow
> >  specific IPs to stream to the server is encouraged.
> > 
> > Reference the hacked version is from CVS as of Jan 24 2004, 
> > though this
> > should be 
> >  applicable to most icecast2 source code.
> >  
> > You will need to compile source code to make a working icecast server 
> > 
> > Bypass hack lines                                 | Original source
> > lines
> > --------------------                              |
> > ---------------------
> > //if(mountinfo->username)                         |            
> > if(mountinfo->username)
> >     mountinfo->username = "source";               |           
> >       user
> > = mountinfo->username                                         
> >          ;
> >     user = "source" ;                             |             break;
> > break;                                            <
> > On Wed, 2004-02-18 at 19:45, David Kramer wrote:
> > > OH MAN THANK YOU!!! I have been pulling my hair trying to 
> > get this $hit to
> > > work for weeks now.  What other DSPs do you recommend 
> > instead of LiveIce?
> > > Either that or when do you expect the patch to be released?
> > > 
> > > Thank you so much!!!
> > > 
> > > DK
> > > 
> > > > -----Original Message-----
> > > > From: Michael Smith [mailto:msmith at xiph.org]
> > > > Sent: Wednesday, February 18, 2004 4:35 PM
> > > > To: icecast at xiph.org
> > > > Subject: Re: [icecast] Funky password mount point error for 
> > > > liveice and
> > > > icecast - PLZ HL P!
> > > > 
> > > > 
> > > > On Thursday 19 February 2004 10:51, David Kramer wrote:
> > > > > Im running in a chroot'd environment:
> > > > >
> > > > > RH 9.0
> > > > > lame-3.93.1
> > > > > icecast-2.0.0
> > > > > LiveIcePatched-1.0.0
> > > > > xmms-1.2.7
> > > > >
> > > > 
> > > > Liveice uses an old protocol which isn't supported in icecast2. 
> > > > I hacked together a patch the other day to make liveice work, 
> > > > someone is 
> > > > putting that together with the intent to release an update to 
> > > > liveice with 
> > > > proper support.
> > > > 
> > > > Mike
> > > > 
> > > > --- >8 ----
> > > > List archives:  http://www.xiph.org/archives/
> > > > icecast project homepage: http://www.icecast.org/
> > > > To unsubscribe from this list, send a message to 
> > > > 'icecast-request at xiph.org'
> > > > containing only the word 'unsubscribe' in the body.  No 
> > > > subject is needed.
> > > > Unsubscribe messages sent to the list will be ignored/filtered.
> > > > 
> > > --- >8 ----
> > > List archives:  http://www.xiph.org/archives/
> > > icecast project homepage: http://www.icecast.org/
> > > To unsubscribe from this list, send a message to 
> > 'icecast-request at xiph.org'
> > > containing only the word 'unsubscribe' in the body.  No 
> > subject is needed.
> > > Unsubscribe messages sent to the list will be ignored/filtered.
> > -- 
> > -Pete
> > pjf at cape.com
> > http://vsa.cape.com/~pjf
> > http://www.mraudrey.net
> > 
> > --- >8 ----
> > List archives:  http://www.xiph.org/archives/
> > icecast project homepage: http://www.icecast.org/
> > To unsubscribe from this list, send a message to 
> > 'icecast-request at xiph.org'
> > containing only the word 'unsubscribe' in the body.  No 
> > subject is needed.
> > Unsubscribe messages sent to the list will be ignored/filtered.
> > 
> --- >8 ----
> List archives:  http://www.xiph.org/archives/
> icecast project homepage: http://www.icecast.org/
> To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
> containing only the word 'unsubscribe' in the body.  No subject is needed.
> Unsubscribe messages sent to the list will be ignored/filtered.

-- 
-Pete
pjf at cape.com
http://vsa.cape.com/~pjf
http://www.mraudrey.net

--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.




More information about the Icecast mailing list