Bugtraq mailing list archives

Fingerd Summary

From: adam () bwh harvard edu (Adam Shostack)
Date: Thu, 20 Oct 94 14:48:53 EDT


        About two weeks ago, I posted asking for versions of finger
that did logging and filtering.

        In the end, I found 7 versions of fingerd.  I'll provice brief
comments on each, as well as where I found it (or where you can get
it.)  GNU finger is too large.  Andreas Stolcke made some changes &
improvements, including some logging, but its still too big for my
comfort.  I'm including pointers to NetBSD and Linux implementations
to be complete.  Neither does any logging.

        There are three replacements which I felt did what I asked
for, which was logging and filtering.


        * Sfingerd is the most restrictive of the three, using a
chrooted directory to provide access to plan files etc.  Uses syslog.
800 lines.  hplyot.obspm.fr:/net/sfingerd-1.8.tar.gz


        * fingerd-1.0 handles extensive logging via syslog, ident
lookups, controls forwarding.  The code is small enough to be walked
through & verified.  850 lines.
kiwi.foobar.com:/pub/fingerd-1.0.tar.gz 


        * rfingerd is a *very* small perl program that uses its own
logfile to trap the log information.  Easy to hook in output filters
in perl.  143 lines.  I'm probably going to be using rfingerd after
making some modifications.  My main modification will be to replace
the line:

  if ($input =~ /[!,@,#,$,%,^,&,*,(,),_,-,+,=,,,|]/) { exit; }
with something that instead has a list of allowable characters.  I
prefer the 'explicit allow' approach to security code.
  if ($input !~ /[\w, ,-]/) { exit; }

        I'll probably also hack in some output filtering to reduce the
amount of information given out.

ftp.technet.sg:/pub/unix/bsdi/rfingerd.tgz

        Other finger daemons:

GNU finger
prep.ai.mit.edu: /pub/gnu/finger-1.37.tar.gz
icsi.brkeley.edu:/pub/stolcke/icsi-finger-1.0.23.tar.Z

NetBSD
f.ms.uky.edu:/pub2/NetBSD/NetBSD-current/src/libexec/fingerd/

Linux
mcsun.eu.net:/os/linux/util/networking/net-2/sources/fingerd/fingerd-560.tar.z
mcsun.eu.net:/os/linux/util/networking/net-2/sources/finger/finger-522.tar.z

Current thread:

Re: Internet Worm, (continued)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
  - Re: Internet Worm F. L. Charles Seeger III (Oct 19)
- Re: Internet Worm Darragh Nagle (Oct 19)
  - Re: Internet Worm Gene Spafford (Oct 19)
- Re: Internet Worm jim () Tadpole COM (Oct 19)
  - Re: Internet Worm F. L. Charles Seeger III (Oct 20)
- Re: Internet Worm smb () research att com (Oct 19)
  - R utilities, addresses, etc. Charles Howes (Oct 20)
    - Re: R utilities, addresses, etc. Alexander L. Haiut (Oct 20)
    - Re: R utilities, addresses, etc. Charles Howes (Oct 21)
    - Fingerd Summary Adam Shostack (Oct 20)
    - Re: Fingerd Summary Stephen Gildea (Oct 21)
    - Re: Fingerd Summary Adam Shostack (Oct 21)
    - Re: Fingerd Summary KevinTX (Oct 21)
    - access(2)--a security hole? Jonathan M. Bresler (Oct 20)
    - Re: access(2)--a security hole? Justin Mason (Oct 21)
    - Re: access(2)--a security hole? Dave Goldberg (Oct 21)
    - Re: access(2)--a security hole? Karl Strickland (Oct 21)
    - Re: access(2)--a security hole? Julian Assange (Oct 21)
    - Re: access(2)--a security hole? John DiMarco (Oct 21)
    - Re: access(2)--a security hole? jmc () gnu ai mit edu (Oct 21)

(Thread continues...)