Xref: utzoo comp.unix.programmer:142 alt.security:1641
Path: utzoo!utgpu!cs.utexas.edu!wuarchive!udel!haven!mimsy!mojo!lidl
From: lidl@eng.umd.edu (Kurt J. Lidl)
Newsgroups: comp.unix.programmer,alt.security
Subject: Re: how to put a program into a .plan file
Message-ID: <1990Sep30.033320.13512@eng.umd.edu>
Date: 30 Sep 90 03:33:20 GMT
References: <4109@rtifs1.UUCP> <38200@eerie.acsu.Buffalo.EDU> <697@VAX1.CC.UAKRON.EDU>
Sender: news@eng.umd.edu (The News System)
Followup-To: alt.security
Organization: Merriversity of Uniland, College Purgatory
Lines: 33

Much discussion has occurred as to whether or not it is possible to
make the output of "finger" be the output of a file. The discussion
then moved on to how much of the system's resources are taken up by
sleeping on a named pipe.

It would seem to me (IMHO) that the finger program is the proper place
to fix the entire program... This would take care of both common
situations that occur -- fingering a person that is on the local
machine, and fingering a person at a remote machine.

Is there any problem (security-wise) with having finger parse the
.plan file... So a .plan file that contains:

    |/home/elves/lidl/bin/finger-quoted

would do an exec() on that program and then just shuffle the output of
that program back to the finger program?

I don't see any real problems here, except that an improperly set up
/usr/libexec/fingerd program that operates as root would be a bit of a
security hole. Most versions of fingerd either try to do a setuid to
"nobody" or are invoked that way from inetd or are setuid to "nobody".

Any comments on this? I think that the hacking needed to finger would
be minimal, to say the least.

Thanks in advance for the discussion as to whether or not other
security holes would result from this simple modification.

Followups have been directed to alt.security...
-- 
/* Kurt J. Lidl (lidl@eng.umd.edu) | Unix is the answer, but only if you */
/* UUCP: uunet!eng.umd.edu!lidl    | phrase the question very carefully. */
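
One way the `|program` handling proposed in the post could be written so the program never runs with fingerd's privileges, as an added example that is not code from the post or from any finger implementation. `plan_program` and `run_plan` are hypothetical names, and the uid/gid are assumed to come from the fingered user's passwd entry.

```c
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: 1 and the path in out for a "|/absolute/path" line, 0 for an
 * ordinary text .plan, -1 for a malformed pipe line (relative, arguments, too long). */
int plan_program(const char *line, char *out, size_t outlen) {
    if (*line++ != '|') return 0;
    size_t n = strcspn(line, "\r\n");
    if (n == 0 || n >= outlen || line[0] != '/' || strcspn(line, " \t") < n) return -1;
    memcpy(out, line, n);
    out[n] = '\0';
    return 1;
}

/* Hypothetical helper: run prog as the fingered user (uid, gid), copy its stdout to
 * `to`, and return its exit status, or -1 if it was not run or did not exit normally. */
int run_plan(const char *prog, uid_t uid, gid_t gid, FILE *to) {
    char *const argv[] = { (char *)prog, NULL };          /* exec'd directly, no shell */
    char *const envp[] = { "PATH=/bin:/usr/bin", NULL };  /* fixed, minimal environment */
    char buf[512];
    int fds[2], status;
    pid_t pid;
    if (uid == 0 || pipe(fds) < 0) return -1;             /* never run a .plan program as root */
    if ((pid = fork()) < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) < 0) _exit(126);
        /* Root sheds groups, gid, uid; then refuse unless we really are the fingered user. */
        if (geteuid() == 0 && (setgroups(0, NULL) || setgid(gid) || setuid(uid))) _exit(126);
        if (getuid() != uid || geteuid() != uid) _exit(126);
        execve(prog, argv, envp);
        _exit(127);
    }
    close(fds[1]);
    for (ssize_t n; (n = read(fds[0], buf, sizeof buf)) > 0; ) fwrite(buf, 1, (size_t)n, to);
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {  /* constructed sample line; uid 65534 ("nobody" on many systems) if started as root */
    char prog[256];
    uid_t u = getuid() ? getuid() : 65534;
    if (plan_program("|/bin/date\n", prog, sizeof prog) != 1) return 1;
    return run_plan(prog, u, getuid() ? getgid() : 65534, stdout) < 0;
}
```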