Freeradius -X option
Alan DeKok
aland at deployingradius.com
Mon Jul 16 11:26:30 CEST 2007
Rascher, Markus wrote:
> The -X option of radiusd can be used to spoof passwords if the attacker
> is able to start the radius-deamon in -X mode.
Only if you break the default install.
If the attacker is able to *start* the server in -X mode, then it
means that the site administrator has given "a+r" permission to the
server configuration files.
The simple answer is: "Don't do that".
The server will refuse to start if its configuration files are
globally readable. So it's secure.
> Is there a possibility to
> compile Freeradius without the ability to start in debugging mode?
Edit the source code.
Good luck trying to figure out why your policies don't work if you
don't have -X. As you may have noticed from the README, FAQ, INSTALL,
and daily messages on the -users list, using -X is *highly* recommended.
Alan DeKok.
More information about the Freeradius-Devel
mailing list