Date: Tue, 13 Jul 1999 15:12:51 -0400 (EDT) From: "Brian F. Feldman" <green@FreeBSD.org> To: Ian Dowse <iedowse@maths.tcd.ie> Cc: hackers@FreeBSD.org Subject: Re: a BSD identd Message-ID: <Pine.BSF.4.10.9907131511590.86113-100000@janus.syracuse.net> In-Reply-To: <199907132004.aa08685@salmon.maths.tcd.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 13 Jul 1999, Ian Dowse wrote: > In message <Pine.BSF.4.10.9907130946220.76301-100000@janus.syracuse.net>, "Bria > n F. Feldman" writes: > >On 13 Jul 1999, Ville-Pertti Keinonen wrote: > > > >> > >> green@FreeBSD.org (Brian F. Feldman) writes: > >> > >> > It's "out with the bad, in with the good." Pidentd code is pretty terrible > >. > >> > The only security concerns with my code were wrt FAKEID, and those were > >> > mostly fixed (mostly meaning that a symlink _may_ be opened, but it won't > >> > be read.) If anyone wants to audit my code for security, I invite them to. > >> > >> Did you mean to avoid reading through symlinks using the open + fstat > >> method mentioned earlier in the thread? > > > >No, I meant to avoid opening a file the user couldn't, or reading from a dev. > > Why not actually store the fake ID in a symbolic link? That way you just > do a readlink(), which would be safer, neater and faster than reading a > file. A user can set up a fake ID with something like: > > ln -s "Warm-Fuzzy" .fakeid Hysterical raisins. ~/.fakeid being a text file is how it's always been done. That would be a better idea if I didn't mind confusing the hell out of people :) > > Ian > Brian Fundakowski Feldman _ __ ___ ____ ___ ___ ___ green@FreeBSD.org _ __ ___ | _ ) __| \ FreeBSD: The Power to Serve! _ __ | _ \._ \ |) | http://www.FreeBSD.org/ _ |___/___/___/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9907131511590.86113-100000>