AW: Freeradius -X option
Rascher, Markus
markus.mr.rascher at siemens.com
Mon Jul 16 11:29:44 CEST 2007
thx
-----Original Message-----
From: freeradius-devel-bounces+markus.mr.rascher=siemens.com at lists.freeradius.org [mailto:freeradius-devel-bounces+markus.mr.rascher=siemens.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Monday, 16 July 2007 11:27
To: FreeRadius developers mailing list
Subject: Re: Freeradius -X option
Rascher, Markus wrote:
> The -X option of radiusd can be used to spoof passwords if the attacker
> is able to start the radius-daemon in -X mode.
Only if you break the default install.
If the attacker is able to *start* the server in -X mode, then it
means that the site administrator has given "a+r" permission to the
server configuration files.
The simple answer is: "Don't do that".
The server will refuse to start if its configuration files are
globally readable. So it's secure.
> Is there a possibility to
> compile Freeradius without the ability to start in debugging mode?
Edit the source code.
Good luck trying to figure out why your policies don't work if you
don't have -X. As you may have noticed from the README, FAQ, INSTALL,
and daily messages on the -users list, using -X is *highly* recommended.
Alan DeKok.
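
Added example, not part of the original thread and not FreeRADIUS code: a small shell audit for the condition discussed above, listing configuration files and directories that carry the "other" read bit. It is an independent check, not a reproduction of the server's own startup test, and the directory you pass (for instance `/etc/raddb`) is an assumption about your install.

```shell
#!/bin/sh
# Added example: find config entries readable by "other" (mode bit 0004).
# The directory to audit is supplied by the caller; no path is assumed here.

world_readable() {
    # Print every regular file or directory under $1 with other-read set.
    # Symlinks are skipped: their own mode bits do not govern access.
    find "$1" \( -type f -o -type d \) -perm -004 -print
}

audit_config_dir() {
    # Returns 0 if clean, 1 if any entry is world-readable, 2 on bad input.
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    bad=$(world_readable "$dir")
    if [ -n "$bad" ]; then
        echo "world-readable entries found (remove with: chmod o-rwx FILE):" >&2
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Run the audit only when a directory is given on the command line,
# e.g.: sh audit.sh /etc/raddb   (path is an example, adjust to your install)
if [ "$#" -gt 0 ]; then
    audit_config_dir "$1"
fi
```

A non-zero exit status makes the function usable as a gate in a deployment or monitoring job.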