special files as .plans?
Dan Bernstein
brnstnd at kramden.acf.nyu.edu
Sat Aug 25 12:56:40 AEST 1990
In article <1990Aug24.224727.26823 at boingo.med.jhu.edu> dave at boingo.med.jhu.edu (David Heath) writes:
[ made named pipe ~/.plan, had finger daemon writing plans to it ]
[ sysadmin asked about it ]
> so I sent him the
> source and explained how it worked. The next day, I got a message that
> said, in part, "As I'm sure you have surmised, you have discovered a MAJOR
> security hole."
[ said no, but sysadmin modified finger anyway to ignore special files ]
[ ultrix 4.0's finger also ignores special .plan and .project ]
> "Is this really a security hole?"
No.

There are three problems with finger that can lead to security holes:

1. Many versions of finger don't convert control characters to printable
forms. This is the client's responsibility in case of a network finger.
Anyway, .plan and .project can contain dangerous control sequences.

2. There is no easy way for a sysadmin or user to restrict the flow of
information to the network. See, e.g., some of Steve Bellovin's articles
for clear explanations of why this is a problem.

3. The network finger daemon is not careful to flush output before
reading .plan and .project. Hence a user can stop all finger information
from going to the outside by setting up ~/.plan as a named pipe without
a writer. Note: As long as #2 is not corrected, this is a feature, not a
bug! The minor inconvenience of hanging fingerd is irrelevant compared
to the dangers of releasing too much information.
---Dan
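
Two finger-side defences mentioned in this thread, ignoring special files (the sysadmin's change) and converting control characters to printable forms (problem 1), shown as an added C example that is not part of the original post or of any finger source. The function names `plan_open_regular` and `plan_escape` are hypothetical, and the `^X` / `M-` notation is an assumed choice of printable form.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open path only if it is a regular file. O_NONBLOCK makes open() return
 * at once on a FIFO with no writer; fstat() then checks the object that
 * was actually opened, so there is no check-then-open race. */
int plan_open_regular(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Write n bytes to out in printable form (cat -v style): newline and tab
 * pass through, control bytes become ^X, DEL becomes ^?, and high-bit
 * bytes get an M- prefix. Returns the length written, NUL excluded. */
size_t plan_escape(const unsigned char *in, size_t n, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0) return 0;
    for (size_t i = 0; i < n && o + 5 <= outsz; i++) {
        unsigned char c = in[i];
        int high = c >= 0x80;
        if (high) { out[o++] = 'M'; out[o++] = '-'; c &= 0x7f; }
        if (!high && (c == '\n' || c == '\t')) out[o++] = (char)c;
        else if (c < 0x20 || c == 0x7f) { out[o++] = '^'; out[o++] = (char)(c ^ 0x40); }
        else out[o++] = (char)c;
    }
    out[o] = '\0';
    return o;
}

int main(int argc, char **argv)
{
    unsigned char buf[512];
    char safe[4 * sizeof buf + 1];
    ssize_t n;
    int fd = plan_open_regular(argc > 1 ? argv[1] : ".plan");
    while (fd >= 0 && (n = read(fd, buf, sizeof buf)) > 0)
        fwrite(safe, 1, plan_escape(buf, (size_t)n, safe, sizeof safe), stdout);
    return fd < 0;   /* 1: missing or special file, no plan printed */
}
```

With this open path a `~/.plan` that is a named pipe is skipped instead of blocking the daemon, so it changes the behaviour described in point 3.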