thx -----Ursprüngliche Nachricht----- Von: freeradius-devel-bounces+markus.mr.rascher=siemens.com@lists.freeradius.org [mailto:freeradius-devel-bounces+markus.mr.rascher=siemens.com@lists.freeradius.org] Im Auftrag von Alan DeKok Gesendet: Montag, 16. Juli 2007 11:27 An: FreeRadius developers mailing list Betreff: Re: Freeradius -X option Rascher, Markus wrote:
The -X option of radiusd can be used to spoof passwords if the attacker is able to start the radius-deamon in -X mode.
Only if you break the default install. If the attacker is able to *start* the server in -X mode, then it means that the site administrator has given "a+r" permission to the server configuration files. The simple answer is: "Don't do that". The server will refuse to start if its configuration files are globally readable. So it's secure.
Is there a possibility to compile Freeradius without the ability to start in debugging mode?
Edit the source code. Good luck trying to figure out why your policies don't work if you don't have -X. As you may have noticed from the README, FAQ, INSTALL, and daily messages on the -users list, using -X is *highly* recommended. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html