OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: [sa2cand.or.jp: bin/21704: enabling fingerd makes files world readable]
From: Przemyslaw Frasunek (venglinFREEBSD.LUBLIN.PL)
Date: Mon Oct 02 2000 - 13:56:40 CDT


----- Forwarded message from sa2cand.or.jp -----

From: sa2cand.or.jp
To: FreeBSD-gnats-submitfreebsd.org
Subject: bin/21704: enabling fingerd makes files world readable

>Number: 21704
>Category: bin
>Synopsis: enabling fingerd makes files world readable
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Oct 02 11:50:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: NIIMI Satoshi
>Release: FreeBSD 4.1.1-RELEASE i386
>Organization:
>Environment:

FreeBSD berkeley.us.and.or.jp 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE #0: Wed Sep 27 00:28:17 JST 2000 sa2cberkeley.us.and.or.jp:/usr/obj/usr/src/sys/GENERIC i386

>Description:

If finger takes full path name as user name, it prints out contents of
that file. Because fingerd executes finger as local information
provider, finger /path/to/filesome.host prints /path/to/file at
some.host.

>How-To-Repeat:

finger /path/to/filesome.host

>Fix:

Index: finger.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/finger/finger.c,v
retrieving revision 1.15.2.3
diff -u -r1.15.2.3 finger.c
--- finger.c 2000/09/15 21:51:00 1.15.2.3
+++ finger.c 2000/10/02 18:04:06
-318,26 +318,19

         /*
          * Traverse the list of possible login names and check the login name
- * and real name against the name specified by the user. If the name
- * begins with a '/', try to read the file of that name instead of
- * gathering the traditional finger information.
+ * and real name against the name specified by the user.
          */
         if (mflag)
                 for (p = argv; *p; ++p) {
- if (**p != '/' || !show_text("", *p, "")) {
- if (((pw = getpwnam(*p)) != NULL) && !hide(pw))
- enter_person(pw);
- else
- warnx("%s: no such user", *p);
- }
+ if (((pw = getpwnam(*p)) != NULL) && !hide(pw))
+ enter_person(pw);
+ else
+ warnx("%s: no such user", *p);
                 }
         else {
                 while ((pw = getpwent()) != NULL) {
                         for (p = argv, ip = used; *p; ++p, ++ip)
- if (**p == '/' && *ip != 1
- && show_text("", *p, ""))
- *ip = 1;
- else if (match(pw, *p) && !hide(pw)) {
+ if (match(pw, *p) && !hide(pw)) {
                                         enter_person(pw);
                                         *ip = 1;
                                 }

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

----- End forwarded message -----

--
* Fido: 2:480/124 ** WWW: http://www.freebsd.lublin.pl ** NIC-HDL: PMF9-RIPE *
* Inet: venglinfreebsd.lublin.pl ** PGP: D48684904685DF43  EA93AFA13BE170BF *