Hi,

I found a couple of bugs in ffingerd 1.19 which are related to privacy.
Here goes:

The permissions on root's home directory are now 700 (/home/root).

-----
(aristo)/cc/eilon>finger rootat_private
[host.domain]
Login: root Name: #6
No project.
No plan.
No public key.
-----

A lesson in how not to be seen.

On host.domain, the user doesn't want to be seen (please stand up :)).
Too bad, his/her home directory's permissions (which say 'I want some
privacy') make ffingerd state otherwise. Ffingerd looks for the file
.nofinger in the user's home directory, but due to the current state of
permissions on it, it can't be accessed, thus "there is no such file", and
it is therefore happy to supply us with the user's information.

-----
# cd ~root
# ls -l .nofinger
-rw-r--r-- 1 root system 0 Apr 23 18:01 .nofinger
# ls -ld .
drwx------ 5 root system 512 Apr 23 18:01 .
# chmod 755 .
-----

Now let's try again.

-----
(aristo)/cc/eilon>finger rootat_private
[host.domain]
That user does not want to be fingered
-----

Hmmm, now for an unknown user.

-----
(aristo)/cc/eilon>finger root1at_private
[host.domain]
That user does not want to be fingered.
-----

Oops. Notice the dot ('.') at the end of the sentence. A very simple and
efficient way to find whether the user exists on the remote host or not
(taking into account the fact that ffingerd has been installed on the
remote host).

Attached here is a patch to fix those problems.

--=20 Eilon Gishri eilonat_private Security Consultant Office: +972-3-6406723 Israel Inter University Computation Center Fax: +972-3-6409118 /* On a matter of national security */ Home: +972-3-5078671 --G4iJoqBmSsgzjUCe Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="ffingerd-1.19.patch" --- ffingerd.c.old Thu Feb 18 12:50:36 1999 +++ ffingerd.c Fri Apr 23 18:48:54 1999 @@ -134,7 +134,7 @@ setgid(pwd->pw_gid); setuid(pwd->pw_uid); sprintf(filename,"%.200s/.nofinger",pwd->pw_dir); - if (lstat(filename,&stat_buf)) { + if((lstat(filename,&stat_buf) == -1) && (errno == ENOENT)) { #ifndef NO_SYSLOG #ifdef FASCIST_LOGGING char message[512]; @@ -154,7 +154,7 @@ dump_file(filename,"Public key:","No public key."); } else { char message[512]; - puts("That user does not want to be fingered"); + puts("That user does not want to be fingered."); #ifndef NO_SYSLOG sprintf(message,"attempt to finger \"%.200s\" from %.200s\n",pwd->pw_name,remote); syslog(LOG_FACILITY,"%s",message); --G4iJoqBmSsgzjUCe-- --b5gNqxB1S1yM7hjW Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQCVAwUBNyCfIvVKfLHHWKDtAQHExgP/RGQeg1byBqGTRlQzOUeKfDrPSteHjzNh J2uGXE3Q7+i38HwuAfswSsF6VZgxCYDh527mJdWS10I+FZqnlpP19Oj5e3G85KSJ Q/iEKu4e2pPiA6Bqk7+41OXnehbDIzSeA13yTx3v16O6IYg+qbWm3lvw9zW+4rG1 XQ/KP66UFwA= =FSNu -----END PGP SIGNATURE----- --b5gNqxB1S1yM7hjW--
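
Review bot: the new lstat condition in the first hunk (@@ -134,7) reads errno, but the patch has no hunk adding #include <errno.h>, so please confirm ffingerd.c already includes it or add the include here. The logic is otherwise the right way round: only ENOENT now counts as "no .nofinger", and every other lstat failure, including the EACCES from a mode 700 home directory described in the report, falls through to the refusal branch. The context lines just above also call setgid(pwd->pw_gid) and setuid(pwd->pw_uid) without checking their return values; if those calls fail, the lstat runs under the daemon's own identity, so it is worth checking them and refusing the request when either one fails.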
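
Review bot: in the second hunk (@@ -154,7) the refusal text is still a string literal that must stay byte-identical to the unknown-user reply, and that reply is printed somewhere outside this patch. Adding the trailing dot makes the two match today, but a later edit to either puts() brings the user-existence oracle back. Suggest defining the message once (a single constant or macro) and using it at both call sites, with a comment saying the two replies must not differ.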