mir/spoofident
2
0
Fork 0
mirror of https://github.com/flotwig/spoofident synced 2025-08-22 01:57:44 +00:00
Code Issues Projects Releases Wiki Activity

Adding setgid option

Browse Source
This commit is contained in:
Zach Bloomquist 2014-06-16 13:30:11 -04:00
parent 8e018c4aa9
commit 25f63d4cc1
3 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -10,7 +10,8 @@ Installation
`cd ./spoofident/`
2. Copy the spoofident.json.example file to spoofident.json and fill out the settings. Here follows an explanation for the various settings:
* **listeners**: An array of two-value arrays -- host/port pairs which spoofident will listen on. By default, it is set to ["0.0.0.0",113],["::",113]; that is, the identd port on all IPv4 and IPv6 interfaces. You may need to remove the second listener if your system lacks IPv6 support.
* **setuid**: Very important. This is the uid which spoofident will drop down to. Because ident runs on a port <1000, it requires root privileges to bind to that port. Even though spoofident is a very secure daemon, it's poor practice to run any server as root, so spoofident will drop to this uid immediately after binding to the listeners specified. Please note that this is a uid, not a username - it is a numerical ID for a user on your system. By default it is 65534, the standard ID for "nobody" on Linux.
* **setuid**: Very important. This is the user ID which spoofident will drop down to. Because ident runs on a port <1000, it requires root privileges to bind to that port. Even though spoofident is a very secure daemon, it's poor practice to run any server as root, so spoofident will drop to this uid immediately after binding to the listeners specified. Please note that this is a uid, not a username - it is a numerical ID for a user on your system. By default it is 65534, the standard ID for "nobody" on Linux.
* **setgid**: Same as **setuid** but for group ID. By default 65534 for nogroup.
* **user**: This is the username which will be returned for all requests to spoofident. Keep it display-safe ASCII.
* **os**: This is the OS string. The RFC defines it as an uppercase display-safe ASCII string. It doesn't really matter what you set this to. I advise setting it to some jibberish or keeping it as "SPOOF" as to avoid disclosing information about your system.
3. Run spoofident.py as root to start the daemon.

1
spoofident.json.example
View File

@ -4,6 +4,7 @@
[ "::", 113 ]
],
"setuid": 65534,
"setgid": 65534,
"user": "fakeuser",
"os": "SPOOF"
}

3
spoofident.py
View File

@ -1,4 +1,4 @@
from os import setuid
from os import setuid,setgid
from json import load
import dualstack
def handleIdent(fd):
@ -20,6 +20,7 @@ if __name__ == "__main__":
settings=load(config)
config.close()
server = dualstack.MultipleSocketsListener(settings['listeners'])
setgid(settings['setgid'])
setuid(settings['setuid'])
while True:
conn,addr=server.accept()