Bugtraq mailing list archives

[sa2c () and or jp: bin/21704: enabling fingerd makes files world readable]


From: Przemyslaw Frasunek <venglin () FREEBSD LUBLIN PL>
Date: Mon, 2 Oct 2000 20:56:40 +0200

----- Forwarded message from sa2c () and or jp -----

From: sa2c () and or jp
To: FreeBSD-gnats-submit () freebsd org
Subject: bin/21704: enabling fingerd makes files world readable


Number:         21704
Category:       bin
Synopsis:       enabling fingerd makes files world readable
Confidential:   no
Severity:       serious
Priority:       medium
Responsible:    freebsd-bugs
State:          open
Quarter:
Keywords:
Date-Required:
Class:          sw-bug
Submitter-Id:   current-users
Arrival-Date:   Mon Oct 02 11:50:00 PDT 2000
Closed-Date:
Last-Modified:
Originator:     NIIMI Satoshi
Release:        FreeBSD 4.1.1-RELEASE i386
Organization:
Environment:

FreeBSD berkeley.us.and.or.jp 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE #0: Wed Sep 27 00:28:17 JST 2000     sa2c () berkeley us and or jp:/usr/obj/usr/src/sys/GENERIC  i386

Description:

If finger is given a full path name as a user name, it prints out the
contents of that file.  Because fingerd executes finger as the local
information provider, finger /path/to/file@some.host prints
/path/to/file at some.host.

How-To-Repeat:

finger /path/to/file@some.host

Fix:

Index: finger.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/finger/finger.c,v
retrieving revision 1.15.2.3
diff -u -r1.15.2.3 finger.c
--- finger.c    2000/09/15 21:51:00     1.15.2.3
+++ finger.c    2000/10/02 18:04:06
@@ -318,26 +318,19 @@

        /*
         * Traverse the list of possible login names and check the login name
-        * and real name against the name specified by the user. If the name
-        * begins with a '/', try to read the file of that name instead of
-        * gathering the traditional finger information.
+        * and real name against the name specified by the user.
         */
        if (mflag)
                for (p = argv; *p; ++p) {
-                       if (**p != '/' || !show_text("", *p, "")) {
-                               if (((pw = getpwnam(*p)) != NULL) && !hide(pw))
-                                       enter_person(pw);
-                               else
-                                       warnx("%s: no such user", *p);
-                       }
+                       if (((pw = getpwnam(*p)) != NULL) && !hide(pw))
+                               enter_person(pw);
+                       else
+                               warnx("%s: no such user", *p);
                }
        else {
                while ((pw = getpwent()) != NULL) {
                        for (p = argv, ip = used; *p; ++p, ++ip)
-                               if (**p == '/' && *ip != 1
-                                   && show_text("", *p, ""))
-                                       *ip = 1;
-                               else if (match(pw, *p) && !hide(pw)) {
+                               if (match(pw, *p) && !hide(pw)) {
                                        enter_person(pw);
                                        *ip = 1;
                                }
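
Review bot: Both removed branches (the "**p != '/' || !show_text(...)" test in the mflag loop and the "**p == '/' && *ip != 1" test in the getpwent() loop) drop the path-name display for every caller, not only for requests that arrive through fingerd, which is where the report locates the exposure. If removing it for local users as well is intended, say so in the commit message, and since only finger.c is in this diff, remove any manual-page text that documents path-name arguments in the same change. After the change a '/'-prefixed argument in the mflag loop goes to getpwnam() and ends in warnx("%s: no such user", *p), which is the right outcome.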

Release-Note:
Audit-Trail:
Unformatted:


To Unsubscribe: send mail to majordomo () FreeBSD org
with "unsubscribe freebsd-bugs" in the body of the message

----- End forwarded message -----

--
* Fido: 2:480/124 ** WWW: http://www.freebsd.lublin.pl ** NIC-HDL: PMF9-RIPE *
* Inet: venglin () freebsd lublin pl ** PGP: D48684904685DF43  EA93AFA13BE170BF *
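
A daemon-side guard against the behaviour described in the report, as an added example that is not part of the original message and not FreeBSD's fingerd source. The function name, the argument limit and the accepted character set are assumptions; "/W" is the verbose token from RFC 1288, the one request token that legitimately starts with '/'.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 8

/* Hypothetical daemon-side filter (not FreeBSD's fingerd source).
 * Splits one finger request line into arguments for the local finger
 * program. Returns the number of arguments written to out[], or -1 if
 * the line must be refused. The line is modified in place. */
int filter_finger_request(char *line, char *out[MAX_ARGS])
{
    static char long_flag[] = "-l";
    int n = 0;
    char *tok;

    line[strcspn(line, "\r\n")] = '\0';          /* strip CRLF */
    for (tok = strtok(line, " \t"); tok != NULL; tok = strtok(NULL, " \t")) {
        const char *c;

        if (n == MAX_ARGS)
            return -1;                            /* too many tokens */
        /* RFC 1288 verbose token: the only legitimate leading '/'. */
        if (strcmp(tok, "/W") == 0 || strcmp(tok, "/w") == 0) {
            out[n++] = long_flag;
            continue;
        }
        /* A path would start with '/', an option with '-'. */
        if (tok[0] == '/' || tok[0] == '-')
            return -1;
        /* Allow only login-name characters (assumed set); this also
         * refuses '/' inside a token and '@' (request forwarding). */
        for (c = tok; *c != '\0'; ++c)
            if (!isalnum((unsigned char)*c) && *c != '_' && *c != '.' && *c != '-')
                return -1;
        out[n++] = tok;
    }
    return n;
}

int main(void)
{
    char req[] = "/W alice\r\n";   /* constructed sample request */
    char *args[MAX_ARGS];
    int n = filter_finger_request(req, args);
    printf("accepted %d argument(s)\n", n);
    return n == 2 ? 0 : 1;
}
```

An empty request line returns 0 arguments, which leaves the list-all-users decision to the caller.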

