Bugtraq mailing list archives
[sa2c () and or jp: bin/21704: enabling fingerd makes files world readable]
From: Przemyslaw Frasunek <venglin () FREEBSD LUBLIN PL>
Date: Mon, 2 Oct 2000 20:56:40 +0200
----- Forwarded message from sa2c () and or jp -----
From: sa2c () and or jp
To: FreeBSD-gnats-submit () freebsd org
Subject: bin/21704: enabling fingerd makes files world readable

Number: 21704
Category: bin
Synopsis: enabling fingerd makes files world readable
Confidential: no
Severity: serious
Priority: medium
Responsible: freebsd-bugs
State: open
Quarter:
Keywords:
Date-Required:
Class: sw-bug
Submitter-Id: current-users
Arrival-Date: Mon Oct 02 11:50:00 PDT 2000
Closed-Date:
Last-Modified:
Originator: NIIMI Satoshi
Release: FreeBSD 4.1.1-RELEASE i386
Organization:
Environment:
FreeBSD berkeley.us.and.or.jp 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE #0: Wed Sep 27 00:28:17 JST 2000 sa2c () berkeley us and or jp:/usr/obj/usr/src/sys/GENERIC i386
Description:
If finger takes a full path name as a user name, it prints out the contents of that file. Because fingerd executes finger as the local information provider, finger /path/to/file@some.host prints /path/to/file at some.host.
How-To-Repeat:
finger /path/to/file@some.host
Fix:
Index: finger.c =================================================================== RCS file: /home/ncvs/src/usr.bin/finger/finger.c,v retrieving revision 1.15.2.3 diff -u -r1.15.2.3 finger.c --- finger.c 2000/09/15 21:51:00 1.15.2.3 +++ finger.c 2000/10/02 18:04:06 @@ -318,26 +318,19 @@ /* * Traverse the list of possible login names and check the login name - * and real name against the name specified by the user. If the name - * begins with a '/', try to read the file of that name instead of - * gathering the traditional finger information. + * and real name against the name specified by the user. */ if (mflag) for (p = argv; *p; ++p) { - if (**p != '/' || !show_text("", *p, "")) { - if (((pw = getpwnam(*p)) != NULL) && !hide(pw)) - enter_person(pw); - else - warnx("%s: no such user", *p); - } + if (((pw = getpwnam(*p)) != NULL) && !hide(pw)) + enter_person(pw); + else + warnx("%s: no such user", *p); } else { while ((pw = getpwent()) != NULL) { for (p = argv, ip = used; *p; ++p, ++ip) - if (**p == '/' && *ip != 1 - && show_text("", *p, "")) - *ip = 1; - else if (match(pw, *p) && !hide(pw)) { + if (match(pw, *p) && !hide(pw)) { enter_person(pw); *ip = 1; }
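Review bot: Both show_text("", *p, "") call sites are deleted unconditionally, in the mflag loop and in the getpwent() loop, so the file-display behaviour goes away for local invocations as well as for requests that arrive through fingerd. State in the PR whether dropping it for local users is intended, and update any user documentation that describes the leading-'/' form in the same change, since only the code comment is adjusted here. After the change, an argument beginning with '/' in the mflag loop reaches getpwnam(*p) and is reported through warnx("%s: no such user", *p), and in the other loop it is handed to match(pw, *p); both are reasonable failure modes, but it is worth confirming that show_text has no remaining caller that takes its file name from argv.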
Release-Note:
Audit-Trail:
Unformatted:

To Unsubscribe: send mail to majordomo () FreeBSD org
with "unsubscribe freebsd-bugs" in the body of the message
----- End forwarded message -----
-- 
* Fido: 2:480/124 ** WWW: http://www.freebsd.lublin.pl ** NIC-HDL: PMF9-RIPE *
* Inet: venglin () freebsd lublin pl ** PGP: D48684904685DF43 EA93AFA13BE170BF *
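A daemon-side check for the condition the report describes, as an added example that is not part of the original message or of FreeBSD's fingerd. The function name request_is_safe and the 256-byte limit are assumptions; it refuses any request token that begins with '/' except the RFC 1288 verbose switch /W, so such a name never reaches a local finger that would treat it as a file path.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: returns 1 if every token of a finger request line
 * may be passed to the local finger program, 0 if the request must be
 * refused. A request is "[/W] [name ...]" terminated by CRLF.
 */
int request_is_safe(const char *line)
{
    char buf[256];                        /* assumed maximum request size */
    size_t n = strcspn(line, "\r\n");     /* request ends at the line break */

    if (n >= sizeof(buf))
        return 0;                         /* oversized request: refuse */
    memcpy(buf, line, n);
    buf[n] = '\0';

    for (char *tok = strtok(buf, " \t"); tok != NULL;
         tok = strtok(NULL, " \t")) {
        /* The verbose switch is the only token allowed to start with '/'. */
        if (strcmp(tok, "/W") == 0 || strcmp(tok, "/w") == 0)
            continue;
        /* A leading '/' is what the unpatched finger reads as a file path. */
        if (tok[0] == '/')
            return 0;
    }
    return 1;                             /* empty request or plain names */
}

int main(void)
{
    /* Constructed sample requests, not captured traffic. */
    const char *samples[] = {
        "venglin\r\n", "/W venglin\r\n", "/path/to/file\r\n",
        "/W /path/to/file\r\n", "\r\n"
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-24.20s -> %s\n", samples[i],
               request_is_safe(samples[i]) ? "pass to finger" : "refuse");
    return 0;
}
```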