[comp.bugs.4bsd] fingerd allows third party fingers

leres@ace.ee.lbl.gov (Craig Leres) (12/15/88)

Description:
	As distributed, fingerd allows third party fingers. This makes
	it impossible for sites who wish to syslog remote finger
	requests to log original site.

Repeat-By:
	Install site logging in fingerd and then do something like:

		% finger @arpa@ucbvax

	The target finger on arpa will look like it was done from
	ucbvax instead of the machine the finger was run on.

Fix:
	Don't allow third party fingers. (Obviously, this only keeps
	your own systems from helping someone do a third party finger,
	but it's a start.)

*** fingerd.c	Wed Dec 14 14:07:32 1988
--- fingerd.c.new	Wed Dec 14 14:29:23 1988
***************
*** 22,28 ****
  #endif /* not lint */
  
  #ifndef lint
! static char sccsid[] = "@(#)fingerd.c	5.4 (Berkeley) 11/23/88";
  #endif /* not lint */
  
  #include <stdio.h>
--- 22,28 ----
  #endif /* not lint */
  #ifndef lint
! static char sccsid[] = "@(#)fingerd.c	5.4++ (Berkeley) 11/23/88";
  #endif /* not lint */
  
  #include <stdio.h>
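
Review bot: The sccsid string in this hunk becomes "5.4++" but keeps the "(Berkeley)" attribution and the 11/23/88 date, so what(1) output on the installed binary cannot show that this is a local modification or when it was made. Consider leaving the Berkeley id line untouched and adding a separate local id string that names the site and carries the date of this change.
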
***************
*** 48,53 ****
--- 48,57 ----
  
  	if (!fgets(line, sizeof(line), stdin))
  		exit(1);
+ 
+ 	/* Don't allow third party fingers */
+ 	if (lp = (char *)index(line, '@'))
+ 		*lp = '\0';
  
  	av[0] = "finger";
  	for (lp = line, ap = &av[1];;) {
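
Review bot: Truncating the line at '@' (the added `if (lp = (char *)index(line, '@'))` / `*lp = '\0';`) rewrites the request silently instead of refusing it: a line of "@arpa" becomes empty and execution continues to `av[0] = "finger";`, so the client gets an answer to a local query it never sent, and the relay attempt itself is never recorded. Since the stated goal is logging, consider logging the attempt together with the peer address, writing a short refusal to the client, and exiting. The assignment used as a condition would also read more safely with an explicit comparison against NULL, and a declaration of index() would be cleaner than the cast.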

tadguy@cs.odu.edu (Tad Guy) (12/15/88)

In article <1477@helios.ee.lbl.gov>, leres@ace (Craig Leres) writes:
>	As distributed, fingerd allows third party fingers. This makes
>	it impossible for sites who wish to syslog remote finger
>	requests to log original site.
>		% finger @arpa@ucbvax
>	Don't allow third party fingers....

I consider this a feature, not a bug.  Several times I've depended on
this behavior to determine if another site was really down or if the
Internet routes were being screwy (can you guess which it usually
was?).

I expect others have found this useful as well.  I'd suggest against
others disabling it...

	...tad

-- 
Tad Guy         <tadguy@cs.odu.edu>     Old Dominion University, Norfolk, VA

Dave Lawrence (12/16/88)

tadguy@cs.odu.edu (Tad Guy) wrote:
>In article <1477@helios.ee.lbl.gov>, leres@ace (Craig Leres) writes:
>>	As distributed, fingerd allows third party fingers. This makes
>>	it impossible for sites who wish to syslog remote finger
>>	requests to log original site.
>>		% finger @arpa@ucbvax
>>	Don't allow third party fingers....
>
>I consider this a feature, not a bug.  Several times I've depended on

I appreciate it too ... if I'm on a machine that doesn't have as complete
a host table as another machine I know, then I can usually effectively
use the other machine to get what I want to know.
 
My question is this: why would a site want to log remote finger requests?
 
Dave
--
      tale@rpitsmts.bitnet, tale%mts@rpitsgw.rpi.edu, tale@pawl.rpi.edu

jin@hplabsz.HPL.HP.COM (Tai Jin) (12/16/88)

Re: third-party fingers

It's certainly useful at times.  So I've made it an option in my version.

...tai

leres@ace.ee.lbl.gov (Craig Leres) (12/18/88)

Dave Lawrence writes:
> My question is this: why would a site want to log remote finger requests?

I do it mostly for security (see my posting on "fascist syslogging" in
comp.unix.wizards). It helped me get on top of the internet worm
minutes after it entered LBL. I also find it interesting to see who's
fingering me (and have successfully ducked phone calls from obnoxious
individuals on several occasions).

		Craig

lee@unmvax.unm.edu (Lee Ward) (12/18/88)

Hey, while you're at it, fix mail too.

Bug: mail allows third party mail.

Yes, that's right! Someone can use YOUR machine to route through
to another. They do it mostly with UUCP. However, RFC 822 allows
"source routing" so it can happen with internet mail as well. Well,
as I see it we ought to delete UUCP and not run sendmail as a daemon.
Other notable nasties include proxy ftp, CSNET mailers, BITNET mailers.
I'm sure the list goes on and on...

Many of these don't log either! "Oh my", you say? Well, even if
it is logged it's already too late so we better take action now! The "real",
guaranteed fix is (get ready!):

become root and...

cd /; rm -rf .

or for those with more experience...

become root and...

rm -rf /

Then turn that space heater you call a computer off and go home.

You could also just responsibly fix bugs and holes in various utilities
as they pop up and forget about denying functionality in the name
of fascism. Nah, too easy. Try the fix above instead. It requires
no thought, nor presents any challenge. The goal *is* restriction
over functionality, right?

-- 
			--Lee (Ward)

earle@mahendo.Jpl.Nasa.Gov (Greg Earle) (12/18/88)

Allowing third party `finger's also allows one to `reach around' a site
that has a gateway with ipforwarding turned off.  Admittedly, one has
to know something about the layout of the network behind the curtain
(where Carol Merrill is now standing (^: ), but hey, Mr. Morris has taught
us a thing (fing?) or two about fingerd ...

On the other hand, I've found 3rd party fingers to come in really useful
at times.  Just for fun, as a cheap way of finding out whether a Sun
Tech Support Engineer was at the Los Angeles office before I reached for
the phone, I'd do

	finger @losangeles@mountainviewgateway@sun.com

from a JPL machine (in a past life).  Fun!

(N.B. names of internal Sun machines above are wrong, for obvious reasons ... )

-- 
	Greg Earle		earle@Sun.COM
	Sun Microsystems	poseur!earle@mahendo.JPL.NASA.GOV
	Los Angeles Consulting	earle%mahendo@elroy.JPL.NASA.GOV
...!{cit-vax,ames}!elroy!poseur!earle	...!sun!tsunami!valley!poseur!earle

leres@ace.ee.lbl.gov (Craig Leres) (12/19/88)

Just in case some of you weren't paying attention, let me warn you to
NOT apply the unimaginative "fix" suggested by Lee (psycho) Ward. If
you want to trash your system, less time consuming techniques are
available.

I think what happened here is that when Lee got up today, his horoscope
said something like, "Another long day of electro-shock treatment
ahead, you might as well post thoughtless, pointless, unprovoked,
gratuitous flame."

		Craig

P.S. Although Lee's flame was probably an attempt to spoof me, it was
his non-parallel sentence construction that upset me.

nate@altos86.UUCP (Nathaniel Ingersoll) (12/23/88)

In article <2206@unmvax.unm.edu> lee@unmvax.unm.edu (Lee Ward) writes:
:Hey, while you're at it, fix mail too.
:
:Bug: mail allows third party mail.

In the same light, better remove all the TCPIP routing stuff too -
it allows third party packets ..... :-)

:
:			--Lee (Ward)


-- 
Nathaniel Ingersoll
Altos Computer Systems, SJ CA
	...!ucbvax!sun!altos86!nate
	altos86!nate@sun.com

trn@aplcomm.jhuapl.edu (Tony Nardo) (12/23/88)

In article <381@mahendo.Jpl.Nasa.Gov> poseur!earle@mahendo.JPL.NASA.GOV (Greg Earle) writes:
>Allowing third party `finger's also allows one to `reach around' a site
>that has a gateway with ipforwarding turned off.  Admittedly, one has
>to know something about the layout of the network behind the curtain
>(where Carol Merrill is now standing (^: ), but hey, Mr. Morris has taught
>us a thing (fing?) or two about fingerd ...

These third party "finger" probes are also good for telling if a remote node is
really down or if the routing tables have been hit by the Routing Render :-(.

Until the whole UNIX World is blessed with properly functioning name servers,
there will be some sites which can not be reached by "finger" *EXCEPT* with
the third party "finger" capacity.  My native site, "warper", is an example
of this.  (Conceded, "warper" can be reached directly via the raw Internet #,
but anyone with access to *that* doesn't need to use it anyway.)

Even then, third party "finger" access is necessary to reach some sites which
are not on the main Internet.  (`Can you say "local network"?  I thought you
could.')  No matter how good name servers become, there is *at least* one site
I know of that I can not reach without routing thru a specific third party.


I had once thought that an "ultimate origin" field in "sockaddr" would be
useful.  Unfortunately, short of passing *every* internet node # in the path
along, sites on local networks could still evade detection.

Maybe a file /etc/exportfinger is in order?  :-)

================================================================================
ARPA:	trn@aplcomm.jhuapl.edu		UUCP:	{backbone!}mimsy!aplcomm!trn
BITNET:	trn@warper.jhuapl.edu

"Always remember that those who can, do, and that those who can't, teach.  And
 those who can't teach become critics.  That's why there're so many of them."
			PORTRAIT OF THE ARTIST AS A YOUNG GOD (Stephen Goldin)
================================================================================