Freeradius -X option

Guy Fraser guy at
Tue Jul 17 16:48:34 CEST 2007

Rascher, Markus wrote:

> Hi All,
> First, i have to say, that I'm a newbie in freeradius-developing.
> The -X option of radiusd can be used to spoof passwords if the attacker
> is able to start the radius-deamon in -X mode. Is there a possibility to
> compile Freeradius without the ability to start in debugging mode?

If someone has the ability to start the radius daemon, then they 
have the ability to capture the clear text passwords by means other 
than using debug. It is far better to secure your machine so that
attackers can not get access in order to "start the radius-deamon 
in -X mode". It may well be necessary for the administrator to 
use the debug mode, if they run into problems and need assistance 
from this community, so disabling it could be a bad idea. That 
being said, all you have to do to disable it, is to remove the 
option from the list of acceptable switches in your code. I can 
not see any reason to build a compile time switch to disable the 
debug feature since there is likely very few people who would prefer 
to disable debug mode over securing their server.

Guy Fraser
Network Administrator
The Internet Centre

More information about the Freeradius-Devel mailing list