Date: Wed, 18 Oct 1995 11:39:56 PDT From: Bill Fenner <fenner@parc.xerox.com> To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) Cc: dv@xkis.nnov.su (Dmitry Valdov), freebsd-bugs@freebsd.org Subject: Re: secure finger is not enought secure Message-ID: <95Oct18.114006pdt.177487@crevenia.parc.xerox.com> In-Reply-To: Your message of "Sat, 14 Oct 95 10:56:45 PDT." <199510141756.SAA11380@uriah.heep.sax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multipart MIME message.
--===_0_Wed_Oct_18_11:37:54_PDT_1995
Content-Type: text/plain; charset=us-ascii
In message <199510141756.SAA11380@uriah.heep.sax.de> J"org wrote:
>> merahq: {2} telnet localhost finger
>> Trying 127.0.0.1...
>> Connected to localhost.
>> Escape character is '^]'.
>
>This is an entirely different matter. It's not the finger service as
>invoked via inetd(8). If you've already got access to the local
>machine, it doesn't make sense if you couldn't run finger locally.
It is indeed the finger service as invoked via inetd, and although it was
perhaps a bad example, it does indeed work remotely.
In fact, you can pass any options to finger, including getting the normal
finger output:
crevenia% telnet baobab finger
Trying 13.2.116.113 ...
Connected to baobab.
Escape character is '^]'.
--
Login Name TTY Idle Login Time Office Office Phone
fenner Bill Fenner *v1 13d Oct 4 13:12
fenner Bill Fenner p0 13d Oct 4 13:14
fenner Bill Fenner p1 Oct 10 13:23
root Charlie Root *v0 13d Oct 4 13:11
Connection closed by foreign host.
The attached diff should fix it; this might perhaps want to be in 2.1 (or at
least documented as insecure!). It only counts things without leading dashes
as usernames.
Bill
--===_0_Wed_Oct_18_11:37:54_PDT_1995
Content-Type: text/plain; charset=us-ascii
Content-Description: fingerd.c.diff
--- fingerd.c.orig Wed Oct 18 11:32:54 1995
+++ fingerd.c Wed Oct 18 11:45:16 1995
@@ -67,7 +67,7 @@
register char *lp;
struct hostent *hp;
struct sockaddr_in sin;
- int p[2], logging, secure, sval;
+ int p[2], logging, secure, sval, gotuser;
#define ENTRIES 50
char **ap, *av[ENTRIES + 1], **comp, line[1024], *prog;
@@ -107,13 +107,10 @@
exit(1);
comp = &av[1];
+ gotuser = 0;
for (lp = line, ap = &av[2];;) {
*ap = strtok(lp, " \t\r\n");
if (!*ap) {
- if (secure && ap == &av[2]) {
- puts("must provide username\r\n");
- exit(1);
- }
break;
}
if (secure && strchr(*ap, '@')) {
@@ -126,9 +123,17 @@
av[1] = "-l";
comp = &av[0];
}
- else if (++ap == av + ENTRIES)
- break;
+ else {
+ if ((*ap)[0] != '-')
+ gotuser++;
+ if (++ap == av + ENTRIES)
+ break;
+ }
lp = NULL;
+ }
+ if (secure && !gotuser) {
+ puts("must provide username\r\n");
+ exit(1);
}
if (lp = strrchr(prog, '/'))
--===_0_Wed_Oct_18_11:37:54_PDT_1995--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?95Oct18.114006pdt.177487>