From proff Mon May 13 19:29:20 1996 Received: (proff@localhost) by suburbia.net (8.7.4/Proff-950810) id TAA26688 for best-of-security; Mon, 13 May 1996 19:29:20 +1000 Received: (list@localhost) by suburbia.net (8.7.4/Proff-950810) id MAA00775 for proff@suburbia.net; Fri, 10 May 1996 12:11:30 +1000 X-Envelope-From: dugsong@umich.edu Fri May 10 12:11:28 1996 Received: from laciotat.ifs.umich.edu (root@laciotat.ifs.umich.edu [141.211.168.47]) by suburbia.net (8.7.4/Proff-950810) with ESMTP id MAA00759 for ; Fri, 10 May 1996 12:11:16 +1000 Received: from laciotat.ifs.umich.edu by laciotat.ifs.umich.edu (8.7.5/2.2) id WAA11913; Thu, 9 May 1996 22:10:38 -0400 (EDT) Date: Thu, 9 May 1996 22:10:37 -0400 (EDT) From: Douglas Song X-Sender: dugsong@laciotat.ifs.umich.edu To: bugtraq@crimelab.com, best-of-security@suburbia.net, linux-security@tarsier.cv.nrao.edu Subject: Patch for ytalk-3.2 Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: proff Someone recently sent me a hacked ytalk client that spoofed the caller's username, pretty lame. This is a patch to ytalk-3.2 to do detect such spoofs via IDENT; really an abuse of the protocol, but what the heck. One lame hack deserves another. *** comm.c Thu May 9 21:35:50 1996 --- comm.c.dug Thu May 9 21:33:41 1996 *************** *** 601,606 **** --- 601,622 ---- show_error("connect_user: bad read"); return; } + #ifdef USE_IDENT + { + char *ident = '\0'; + + ident = ident_id(fd, 10); + + if (ident == '\0') { + strcat(user->full_name," (unverified)"); + } + else if (strncmp(user->user_name, ident, NAME_SIZE) != 0) { + strcat(strcpy(user->full_name, user->user_name), "("); + strncat(user->full_name, ident, NAME_SIZE); + strcat(strcat(user->full_name, ")@"), user->host_name); + } + } + #endif /* USE_IDENT */ if(open_term(user, user->full_name) < 0) { free_user(user); *** header.h Thu May 9 21:35:44 1996 --- header.h.dug Thu May 9 21:33:14 1996 *************** *** 31,36 **** --- 31,39 ---- #ifdef USE_X11 # include #endif + #ifdef USE_IDENT + #include + #endif #define VMAJOR 3 /* major version number */ #define VMINOR 0 /* minor version number */ *** Imakefile Thu May 9 21:35:36 1996 --- Imakefile.dug Thu May 9 21:41:11 1996 *************** *** 30,39 **** #SLIBS = -lsun # ! # If you are on a sun running solaris 2.* you might need to uncomment the ! # following line. #SLIBS = -lnsl -lsocket # # If your machine has a 64-bit architecture or uses 64-bit 'long's, then you --- 30,40 ---- #SLIBS = -lsun # ! # If you are on a sun running solaris 2.* you need to uncomment the ! # following lines. #SLIBS = -lnsl -lsocket + #SDEFS = -DSYSV # # If your machine has a 64-bit architecture or uses 64-bit 'long's, then you *************** *** 56,66 **** Y_BINDIR = /usr/local/bin Y_MANDIR = /usr/local/man/man1 ############################################################ ## Past this point, you shouldn't need to modify anything ## ############################################################ ! LIB = -lcurses -ltermcap $(SLIBS) $(XLIB) ! DEFINES = -DUSE_X11 -I/usr/local/include $(TDEFS) $(BDEFS) $(RCDEF) LDFLAGS = $(LDOPTIONS) OBJ = main.o term.o user.o fd.o comm.o menu.o socket.o rc.o exec.o cwin.o \ xwin.o --- 57,79 ---- Y_BINDIR = /usr/local/bin Y_MANDIR = /usr/local/man/man1 + # + # Uncomment the and edit the following if you want ytalk to check + # the caller's name against the info given by his IDENT daemon. This + # is an abuse of the protocol, but oh well. Not everyone runs Zephyr. + # libident available from ftp://ftp.lysator.liu.edu/pub/ident/libs + + #IDEFS = -DUSE_IDENT + #ILIB = -L/usr/local/lib -lident + #IINC = -I/usr/local/include + + ############################################################ ## Past this point, you shouldn't need to modify anything ## ############################################################ ! LIB = -lcurses -ltermcap $(SLIBS) $(XLIB) $(ILIB) ! DEFINES = -DUSE_X11 -I/usr/local/include $(IINC) $(IDEFS) $(SDEFS) \ ! $(TDEFS) $(BDEFS) $(RCDEF) LDFLAGS = $(LDOPTIONS) OBJ = main.o term.o user.o fd.o comm.o menu.o socket.o rc.o exec.o cwin.o \ xwin.o