Re: Forwared to me

From: Michael H. Warfield (mhwat_private)
Date: Mon Jul 13 1998 - 13:59:48 PDT

    Toomas Soome enscribed thusly:
    
    > On Mon, 13 Jul 1998, Michael H. Warfield wrote:
    
    > >         I would also like to remark about one thing.  Solar Designer
    > > quoted one possible action from the advisory.  That one point was a
    > > suggestion made by my Sun contacts.  It was NOT our recommendation as
    > > the action to be taken.  My PERSONAL recommendation is to disable finger
    > > if at all possible.  It provides way too much information about accounts and
    
    > actually, finger is only top of ice mountain, what it will do:
    > setpwent()
    >   while( getpwent() ) {}
    > endpwent()
    
    > nothing more. but, if this is such simple, nothing will prevent users
    > INSIDE to write this; easy and simple way to block sysadmins while
    > cleaning trails or whatever. Actually, there are not only password tables
    > around - there are tables for services, mail aliases etc. After all,
    > calling NIS functions directly is not such big mystery...
    
            Oh...  Absolutely...  One of my reasons for going into such detail
    in the advisory was to emphasize to everyone that this was not really a finger
    problem but inherent in the way the libraries worked.  For that reason
    it would be easy for someone to create a new nuisance either accidentally
    or intentionally.  I wanted people to understand just where the problem
    really existed and to come up with better solutions.  The NIS caching idea
    sounds like a good approach.
    
            To be honest, I hadn't given quite so much thought to a local user
    creating such a simple program and running it on multiple systems in quite
    that way, but it is certainly feasible.  It's also feasible that he would
    rapidly get his butt kicked right into next week if caught playing with
    something like this.  :-)
    
            The only thing about a local user doing something like this is
    that he would so completely load down his own system that it would rapidly
    become unusable and forget about anything he was remotely connected to.
    You can't do much clean up when your program demands so much horsepower
    from the system that the screensaver stops dead in its tracks.  :-)
    
    > just another way to generate load for server- if there are netgroups used
    > for some kind of access control - tcpd wrapper, NFS access etc...
    
    > so, even if You can survive one type of attack - netgroups are not too big
    > etc, combining different types may be just enough to bring down system...
    
            A few months ago a couple of the Samba guys were discussing how to
    "enumerate NIS+ maps" for something or other.  I'm hoping they are not
    on the verge of recreating this problem somewhere else and those messages
    help me move my release schedule for this advisory up a bit.  Time to send
    Luke and Jeremy their personal copies...  :-)
    
    > toomas soome
    > Tartu University, Estonia
    > --
    > Gee, I feel kind of LIGHT in the head now, knowing I can't make my
    > satellite dish PAYMENTS!
    
            Mike
    --
     Michael H. Warfield    |  (770) 985-6132   |  mhwat_private
      (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
      NIC whois:  MHW9      |  An optimist believes we live in the best of all
     PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:04:21 PDT