Date:      Wed, 18 Oct 1995 11:39:56 PDT
From:      Bill Fenner <fenner@parc.xerox.com>
To:        joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
Cc:        dv@xkis.nnov.su (Dmitry Valdov), freebsd-bugs@freebsd.org
Subject:   Re: secure finger is not enought secure 
Message-ID:  <95Oct18.114006pdt.177487@crevenia.parc.xerox.com>
In-Reply-To: Your message of "Sat, 14 Oct 95 10:56:45 PDT." <199510141756.SAA11380@uriah.heep.sax.de> 

This is a multipart MIME message.

--===_0_Wed_Oct_18_11:37:54_PDT_1995
Content-Type: text/plain; charset=us-ascii

In message <199510141756.SAA11380@uriah.heep.sax.de> J"org wrote:
>> merahq: {2} telnet localhost finger
>> Trying 127.0.0.1...
>> Connected to localhost.
>> Escape character is '^]'.
>
>This is an entirely different matter.  It's not the finger service as
>invoked via inetd(8).  If you've already got access to the local
>machine, it doesn't make sense if you couldn't run finger locally.

It is indeed the finger service as invoked via inetd, and although it was 
perhaps a bad example, it does indeed work remotely.

In fact, you can pass any options to finger, including getting the normal 
finger output:

crevenia% telnet baobab finger
Trying 13.2.116.113 ...
Connected to baobab.
Escape character is '^]'.
--
Login    Name                 TTY  Idle  Login Time   Office     Office Phone
fenner   Bill Fenner          *v1   13d  Oct  4 13:12
fenner   Bill Fenner           p0   13d  Oct  4 13:14
fenner   Bill Fenner           p1        Oct 10 13:23
root     Charlie Root         *v0   13d  Oct  4 13:11
Connection closed by foreign host.

The attached diff should fix it; this might perhaps want to be in 2.1 (or at 
least documented as insecure!).  It only counts things without leading dashes 
as usernames.

  Bill


--===_0_Wed_Oct_18_11:37:54_PDT_1995
Content-Type: text/plain; charset=us-ascii
Content-Description: fingerd.c.diff

--- fingerd.c.orig	Wed Oct 18 11:32:54 1995
+++ fingerd.c	Wed Oct 18 11:45:16 1995
@@ -67,7 +67,7 @@
 	register char *lp;
 	struct hostent *hp;
 	struct sockaddr_in sin;
-	int p[2], logging, secure, sval;
+	int p[2], logging, secure, sval, gotuser;
 #define	ENTRIES	50
 	char **ap, *av[ENTRIES + 1], **comp, line[1024], *prog;
 
@@ -107,13 +107,10 @@
 		exit(1);
 
 	comp = &av[1];
+	gotuser = 0;
 	for (lp = line, ap = &av[2];;) {
 		*ap = strtok(lp, " \t\r\n");
 		if (!*ap) {
-			if (secure && ap == &av[2]) {
-				puts("must provide username\r\n");
-				exit(1);
-			}
 			break;
 		}
 		if (secure && strchr(*ap, '@')) {
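Review bot: Once the `ap == &av[2]` test is removed from the `!*ap` branch, nothing at `gotuser = 0;` says what the counter means or where it is checked. A one-line comment there, stating that it counts tokens without a leading dash and is tested after the loop when `secure` is set, would make the relocated "must provide username" check easy to follow. The initialisation could equally be folded into the declaration in the first hunk.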
@@ -126,9 +123,17 @@
 			av[1] = "-l";
 			comp = &av[0];
 		}
-		else if (++ap == av + ENTRIES)
-			break;
+		else {
+			if ((*ap)[0] != '-')
+				gotuser++;
+			if (++ap == av + ENTRIES)
+				break;
+		}
 		lp = NULL;
+	}
+	if (secure && !gotuser) {
+		puts("must provide username\r\n");
+		exit(1);
 	}
 
 	if (lp = strrchr(prog, '/'))
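Review bot: The `(*ap)[0] != '-'` test in the new else branch only establishes that at least one non-option token is present. Dash-prefixed tokens are still kept in av[] (`++ap` runs for them too), so in secure mode a request that combines options with a username still passes client-chosen options through. If that is intended, say so in a comment next to `if (secure && !gotuser)`; if not, reject dash-leading tokens there when `secure` is set. Separately, puts() appends its own newline, so `puts("must provide username\r\n");` sends "\r\n" followed by an extra "\n"; dropping the "\n" from the string would leave a single CRLF-terminated line.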

--===_0_Wed_Oct_18_11:37:54_PDT_1995--
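The difference between the old and the patched username check, as an added example that is not part of the original message or of the FreeBSD fingerd source. The function names and request lines are constructed for illustration, and the model leaves out fingerd's `/W` and `@` handling.

```c
#include <stdio.h>
#include <string.h>

#define DELIMS " \t\r\n"	/* separators fingerd passes to strtok() */

/* Count tokens in a request line; *users gets those without a leading '-'. */
static int count_tokens(const char *request, int *users)
{
	char line[1024], *tok;
	int total = 0;

	*users = 0;
	strncpy(line, request, sizeof(line) - 1);
	line[sizeof(line) - 1] = '\0';
	for (tok = strtok(line, DELIMS); tok != NULL; tok = strtok(NULL, DELIMS)) {
		total++;
		if (tok[0] != '-')
			(*users)++;
	}
	return total;
}

/* Pre-patch secure-mode check: any token at all satisfied it. */
int old_check_accepts(const char *request)
{
	int users;
	return count_tokens(request, &users) > 0;
}

/* Patched check: at least one token must not start with '-'. */
int patched_check_accepts(const char *request)
{
	int users;
	(void)count_tokens(request, &users);
	return users > 0;
}

int main(void)
{
	/* Constructed request lines, as a client would send them. */
	const char *s[] = { "\r\n", "fenner\r\n", "--\r\n", "-l\r\n", "-l fenner\r\n" };
	size_t i;

	for (i = 0; i < sizeof(s) / sizeof(s[0]); i++)
		printf("%-12.*s old=%d patched=%d\n", (int)strcspn(s[i], "\r\n"),
		    s[i], old_check_accepts(s[i]), patched_check_accepts(s[i]));
	return 0;
}
```

The last sample is accepted by both checks: the patch requires a username but does not filter option tokens that accompany one.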



