Bugtraq mailing list archives

Re: Ffingerd privacy issues


From: leitner-bugtraq () MATH FU-BERLIN DE (Felix von Leitner)
Date: Fri, 23 Apr 1999 19:43:33 +0200



Thus spake Eilon Gishri (eilon () aristo tau ac il):
  I found a couple of bugs in ffingerd 1.19 which are related to
privacy.

OK.  I would be happy if you email me (the author) first before
publishing this on bugtraq.  Next time, maybe.

[ffingerd assumes the user wants to be fingered if his home does not
give public execute access]

This is documented in ffingerd.  If you want ffingerd to look into
protected homes, run it as root.

-----
(aristo)/cc/eilon>finger root@host.domain
[host.domain]
That user does not want to be fingered
-----

Hmmm, now for an unknown user.

-----
(aristo)/cc/eilon>finger root1@host.domain
[host.domain]
That user does not want to be fingered.
-----

Oops. Notice the dot ('.') at the end of the sentence. A very simple
and efficient way to find whether the user exists on the remote host
or not (taking into account the fact that ffingerd has been installed
on the remote host).

This has been pointed out to me yesterday.  I fixed it today (before I
saw this message, by the way), and announced version 1.20 on Freshmeat
pointing out this fixed problem.  Did you see my announcement and then
post to bugtraq?

--- ffingerd.c.old    Thu Feb 18 12:50:36 1999
+++ ffingerd.c        Fri Apr 23 18:48:54 1999
@@ -134,7 +134,7 @@
   setgid(pwd->pw_gid);
   setuid(pwd->pw_uid);
   sprintf(filename,"%.200s/.nofinger",pwd->pw_dir);
-  if (lstat(filename,&stat_buf)) {
+  if((lstat(filename,&stat_buf) == -1) && (errno == ENOENT)) {
 #ifndef NO_SYSLOG
 #ifdef FASCIST_LOGGING
     char message[512];
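Review bot: with the new condition, every lstat() failure except ENOENT (EACCES on a home directory without search permission, ENOTDIR, ELOOP, ENAMETOOLONG after the 200-byte truncation in the sprintf above it) now falls into the else branch and is answered and logged as a refusal. That is the privacy-safe default, but it is a silent change of meaning, so the line deserves a comment stating that non-ENOENT errors are deliberately treated as an opt-out, and `errno.h` must be included for `errno` and `ENOENT` to be visible. Note also that the setgid()/setuid() calls two lines above are unchecked: the EACCES case can only arise when they fail or the daemon runs unprivileged, so testing their return values before trusting the lstat() result would make the intent hold.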

This is debatable.
If a user wants privacy, he should remove the world readable permission,
not the world executable permission.

I will not add this right now but think it over.  If anyone wants to
comment on the way to go here, feel free to email me.  I would prefer
to discuss this in private email rather than on bugtraq, but if you must, I
will also read bugtraq comments.

@@ -154,7 +154,7 @@
     dump_file(filename,"Public key:","No public key.");
   } else {
     char message[512];
-    puts("That user does not want to be fingered");
+    puts("That user does not want to be fingered.");
 #ifndef NO_SYSLOG
     sprintf(message,"attempt to finger \"%.200s\" from %.200s\n",pwd->pw_name,remote);
     syslog(LOG_FACILITY,"%s",message);
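Review bot: adding the dot makes this string match the unknown-user response shown in the finger transcripts, which is the point of the fix, but keeping two literal copies of the same sentence in two code paths is how they drifted apart in the first place; define the refusal text once (a single `static const char` or a macro) and use it from both the unknown-user branch and this one, and confirm that both paths agree on the trailing newline as well, so the response itself no longer distinguishes an unknown user from one who opted out.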

This has already been fixed.

Felix
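The two points of this thread, the trailing-dot oracle in the finger transcripts and the question of how a failed lstat() on ~/.nofinger should be interpreted, pulled together in one added C example. This is not ffingerd's code; it assumes a simplified lookup where the hypothetical `finger_response()` is handed the outcome of the getpwnam() lookup and the user's home directory, and the constructed self-test creates its directories under a mkdtemp() tree rather than touching any real home. It defines the refusal string once, treats only ENOENT as permission to show the user (any other lstat() error, such as EACCES from a non-searchable home when the daemon is not running as the user, is a refusal), and shows that an unknown user and an opted-out user get a byte-identical answer.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not ffingerd's code. The refusal text is defined once so
 * the two code paths that emit it cannot drift apart again (a trailing dot
 * present on only one of them was the user-enumeration oracle). */
static const char REFUSAL[] = "That user does not want to be fingered.";

enum finger_decision { FINGER_ALLOW, FINGER_REFUSE };

/* Pure classifier over lstat()'s return value and errno. Only ENOENT
 * ("there is no ~/.nofinger") allows the finger; an existing ~/.nofinger
 * (rc == 0) or any other error (EACCES, ENOTDIR, ELOOP, ...) refuses. */
enum finger_decision classify_nofinger(int lstat_rc, int err)
{
    if (lstat_rc == -1 && err == ENOENT)
        return FINGER_ALLOW;
    return FINGER_REFUSE;
}

/* Look for ~/.nofinger under the given (hypothetical) home directory. */
enum finger_decision check_nofinger(const char *home)
{
    char filename[1024];
    struct stat st;
    int rc;

    /* A truncated path must never be mistaken for "no opt-out file". */
    if (snprintf(filename, sizeof filename, "%s/.nofinger", home)
            >= (int)sizeof filename)
        return FINGER_REFUSE;
    errno = 0;
    rc = lstat(filename, &st);
    return classify_nofinger(rc, errno);
}

/* The text a remote client sees. 'known' is whether the account lookup
 * succeeded; the unknown and refused cases return the same bytes, so the
 * reply itself cannot be used to probe whether an account exists. */
const char *finger_response(int known, const char *home)
{
    if (!known || check_nofinger(home) == FINGER_REFUSE)
        return REFUSAL;
    return "(user information would be printed here)";
}

/* Self-test on constructed directories: returns 1 on success, 0 on failure. */
int selftest(void)
{
    char tmpl[] = "/tmp/nofinger-XXXXXX";
    char optout[sizeof tmpl + 16];
    char marker[sizeof optout + 16];
    char *base = mkdtemp(tmpl);
    FILE *f;
    int ok;

    if (!base)
        return 0;
    /* "optout" is a home with a .nofinger marker; "base" is one without. */
    snprintf(optout, sizeof optout, "%s/optout", base);
    if (mkdir(optout, 0700) == -1)
        return 0;
    snprintf(marker, sizeof marker, "%s/.nofinger", optout);
    if ((f = fopen(marker, "w")) == NULL)
        return 0;
    fclose(f);

    ok = check_nofinger(base) == FINGER_ALLOW
      && check_nofinger(optout) == FINGER_REFUSE
      && strcmp(finger_response(0, base), finger_response(1, optout)) == 0;

    unlink(marker);
    rmdir(optout);
    rmdir(base);
    return ok;
}

int main(void)
{
    int ok = selftest();
    printf("selftest: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The design choice worth noting is that the classifier is a separate pure function: the error-code policy (which errno values mean "show" and which mean "refuse") can be unit-tested without touching the filesystem, and the single `REFUSAL` constant is the only place the remote-visible sentence lives.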
