Unidentified subject!

To: Debian Developers <debian-devel@lists.debian.org>
Cc: wnpp@debian.org
Subject: Unidentified subject!
From: Christian Kurz <shorty@debian.org>
Date: Mon, 14 Jun 1999 16:51:20 +0200
Message-id: <[🔎] 19990614165120.A10176@jupiter.rhein-neckar.de>
Mail-followup-to: Debian Developers <debian-devel@lists.debian.org>, wnpp@debian.org

Hi,

I intend to package ffingerd, another finger daemon. Here an except
from the README:

- - - - - - - - Snip here to damage your screeen - - - - - - - -
ffingerd - Fefe's small and secure finger daemon

   This finger daemon is meant to be invoked via inetd, just like the
   standard finger daemon.  I wrote this program because the standard
   finger daemon allows several things I don't like, namely :

     evil.com$ finger root@poor.victim.com@innocuous.edu
       - which is like "finger root@poor.victim.com", but the finger
         originates from innocuous.edu instead of evil.com
     evil.com$ finger @poor.victim.com
       - which lists all the users logged into poor.victim.com, so an
         intruder can look whether someone is logged in who could detect
         his intrusion
     evil.com$ finger luser@poor.victim.com
     Login: luser                            Name: J. Random Luser
     Directory: /home/luser                  Shell: /bin/sh
     Last login Thu Nov  2 01:49 (MET DST) on ttyp3 from other.victim.com
     No mail.
     No Plan.
       - Why should finger give away the home directory and the login shell
         of all the lusers ?  The "Last login" information should not be
         given away, too, as it can be used to find seldom used accounts
         which can safely be cracked into.  I don't think we should tell
         the fingeree whether luser has mail.

  This is this finger daemon's output:
    evil.com$ finger root@poor.victim.com@innocuous.edu
    [innocuous.edu]
    Sorry, we do not support indirect finger queries.
    evil.com$ finger @poor.victim.com
    [poor.victim.com]
    Sorry, we do not support empty finger queries for security reasons.
    evil.com$ finger luser@poor.victim.com
    [poor.victim.com]
    Login: luser                              Name: J. Random Luser
    No project.
    No plan.
    No PGP public key.
    evil.com$ finger root@poor.victim.com
    [poor.victim.com]
    That user does not want to be fingered

  That last message appears when the fingered user has the file
  ".nofinger" in his home.  The PGP public key is the file ".pubkey"
  which is treated just like the ".plan" file.

  Fingerd creates several syslog messages if something suspicious
  happens :

  Nov  3 19:13:21 xorn fingerd[1033]: attempt to finger root from 127.0.0.1
  Nov  3 19:14:12 xorn fingerd[1052]: empty finger attempt from 127.0.0.1
  Nov  3 19:15:53 xorn fingerd[1077]: indirect finger attempt at root@localhost from 127.0.0.1
  Aug 26 00:51:11 xorn syslog: file "/home/leitner/.plan" is a symbolic link to "/etc/shadow"!
- - - - - - - - Snip here to damage your screeen - - - - - - - -

Cheers
       Christian
-- 
********************************************************************
* Christian Kurz                          Debian Developer/QA-Team *
*         Use Debian - a free Operating System for your PC         *
********************************************************************

Reply to:

Prev by Date: Re: Editor and sensible-editor
Next by Date: Re: /etc/environment
Previous by thread: Intent to package "vivid" (was Re: An 'ae' testimony)
Next by thread: Unidentified subject!
Index(es):
- Date
- Thread