Freeradius -X option
guy at incentre.net
Tue Jul 17 16:48:34 CEST 2007
Rascher, Markus wrote:
> Hi All,
> First, i have to say, that I'm a newbie in freeradius-developing.
> The -X option of radiusd can be used to spoof passwords if the attacker
> is able to start the radius-deamon in -X mode. Is there a possibility to
> compile Freeradius without the ability to start in debugging mode?
If someone has the ability to start the radius daemon, then they
have the ability to capture the clear text passwords by means other
than using debug. It is far better to secure your machine so that
attackers can not get access in order to "start the radius-deamon
in -X mode". It may well be necessary for the administrator to
use the debug mode, if they run into problems and need assistance
from this community, so disabling it could be a bad idea. That
being said, all you have to do to disable it, is to remove the
option from the list of acceptable switches in your code. I can
not see any reason to build a compile time switch to disable the
debug feature since there is likely very few people who would prefer
to disable debug mode over securing their server.
The Internet Centre
More information about the Freeradius-Devel