Date: Tue, 13 Jul 1999 15:12:51 -0400 (EDT) From: "Brian F. Feldman" <green@FreeBSD.org> To: Ian Dowse <iedowse@maths.tcd.ie> Cc: hackers@FreeBSD.org Subject: Re: a BSD identd Message-ID: <Pine.BSF.4.10.9907131511590.86113-100000@janus.syracuse.net> In-Reply-To: <199907132004.aa08685@salmon.maths.tcd.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 13 Jul 1999, Ian Dowse wrote:
> In message <Pine.BSF.4.10.9907130946220.76301-100000@janus.syracuse.net>, "Bria
> n F. Feldman" writes:
> >On 13 Jul 1999, Ville-Pertti Keinonen wrote:
> >
> >>
> >> green@FreeBSD.org (Brian F. Feldman) writes:
> >>
> >> > It's "out with the bad, in with the good." Pidentd code is pretty terrible
> >.
> >> > The only security concerns with my code were wrt FAKEID, and those were
> >> > mostly fixed (mostly meaning that a symlink _may_ be opened, but it won't
> >> > be read.) If anyone wants to audit my code for security, I invite them to.
> >>
> >> Did you mean to avoid reading through symlinks using the open + fstat
> >> method mentioned earlier in the thread?
> >
> >No, I meant to avoid opening a file the user couldn't, or reading from a dev.
>
> Why not actually store the fake ID in a symbolic link? That way you just
> do a readlink(), which would be safer, neater and faster than reading a
> file. A user can set up a fake ID with something like:
>
> ln -s "Warm-Fuzzy" .fakeid
Hysterical raisins. ~/.fakeid being a text file is how it's always been done.
That would be a better idea if I didn't mind confusing the hell out of
people :)
>
> Ian
>
Brian Fundakowski Feldman _ __ ___ ____ ___ ___ ___
green@FreeBSD.org _ __ ___ | _ ) __| \
FreeBSD: The Power to Serve! _ __ | _ \._ \ |) |
http://www.FreeBSD.org/ _ |___/___/___/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9907131511590.86113-100000>