Date:      Tue, 13 Jul 1999 20:04:45 +0100
From:      Ian Dowse <iedowse@maths.tcd.ie>
To:        "Brian F. Feldman" <green@FreeBSD.org>
Cc:        hackers@FreeBSD.org
Subject:   Re: a BSD identd 
Message-ID:   <199907132004.aa08685@salmon.maths.tcd.ie>
In-Reply-To: Your message of "Tue, 13 Jul 1999 09:51:43 EDT." <Pine.BSF.4.10.9907130946220.76301-100000@janus.syracuse.net> 

In message <Pine.BSF.4.10.9907130946220.76301-100000@janus.syracuse.net>, "Brian F. Feldman" writes:
>On 13 Jul 1999, Ville-Pertti Keinonen wrote:
>
>> 
>> green@FreeBSD.org (Brian F. Feldman) writes:
>> 
>> > It's "out with the bad, in with the good." Pidentd code is pretty terrible.
>> > The only security concerns with my code were wrt FAKEID, and those were
>> > mostly fixed (mostly meaning that a symlink _may_ be opened, but it won't
>> > be read.) If anyone wants to audit my code for security, I invite them to.
>> 
>> Did you mean to avoid reading through symlinks using the open + fstat
>> method mentioned earlier in the thread?
>
>No, I meant to avoid opening a file the user couldn't, or reading from a dev.

Why not actually store the fake ID in a symbolic link? That way you just
do a readlink(), which would be safer, neater and faster than reading a
file. A user can set up a fake ID with something like:
	
	ln -s "Warm-Fuzzy" .fakeid

Ian
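
The readlink() approach suggested above, as an added example that is not part of the original message or of any identd source. The function name read_fakeid, the 64-byte cap and the printable-ASCII filter are assumptions made for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for readlink() and PATH_MAX */
#endif
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define FAKEID_MAX 64   /* assumed cap on the reply length, not from the thread */

/*
 * Copy the target of <homedir>/.fakeid into out. Returns 0 on success,
 * -1 if the path is missing, is not a symlink, or its target is empty,
 * too long, or not printable ASCII. readlink() never opens the target,
 * so a link aimed at a device or at another user's file is only a string.
 */
int read_fakeid(const char *homedir, char *out, size_t outsz)
{
    char path[PATH_MAX], buf[FAKEID_MAX + 1];
    ssize_t n, i;
    int len = snprintf(path, sizeof(path), "%s/.fakeid", homedir);

    if (outsz == 0 || len < 0 || len >= (int)sizeof(path))
        return -1;
    n = readlink(path, buf, sizeof(buf));   /* EINVAL if it is a regular file */
    if (n <= 0 || n > FAKEID_MAX || (size_t)n >= outsz)
        return -1;                          /* a full buffer may mean truncation */
    for (i = 0; i < n; i++)                 /* assumed policy: no CR, LF or controls */
        if (!isprint((unsigned char)buf[i]))
            return -1;
    memcpy(out, buf, (size_t)n);
    out[n] = '\0';                          /* readlink() does not NUL-terminate */
    return 0;
}

int main(int argc, char **argv)
{
    char id[FAKEID_MAX + 1];
    const char *home = argc > 1 ? argv[1] : ".";   /* directory to look in */

    if (read_fakeid(home, id, sizeof(id)) == 0)
        printf("fake id: %s\n", id);
    else
        printf("no usable .fakeid symlink in %s\n", home);
    return 0;
}
```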

