Bugtraq mailing list archives
Fingerd Summary
From: adam () bwh harvard edu (Adam Shostack)
Date: Thu, 20 Oct 94 14:48:53 EDT
About two weeks ago, I posted asking for versions of finger that did logging and filtering. In the end, I found 7 versions of fingerd. I'll provice brief comments on each, as well as where I found it (or where you can get it.) GNU finger is too large. Andreas Stolcke made some changes & improvements, including some logging, but its still too big for my comfort. I'm including pointers to NetBSD and Linux implementations to be complete. Neither does any logging. There are three replacements which I felt did what I asked for, which was logging and filtering. * Sfingerd is the most restrictive of the three, using a chrooted directory to provide access to plan files etc. Uses syslog. 800 lines. hplyot.obspm.fr:/net/sfingerd-1.8.tar.gz * fingerd-1.0 handles extensive logging via syslog, ident lookups, controls forwarding. The code is small enough to be walked through & verified. 850 lines. kiwi.foobar.com:/pub/fingerd-1.0.tar.gz * rfingerd is a *very* small perl program that uses its own logfile to trap the log information. Easy to hook in output filters in perl. 143 lines. I'm probably going to be using rfingerd after making some modifications. My main modification will be to replace the line: if ($input =~ /[!,@,#,$,%,^,&,*,(,),_,-,+,=,,,|]/) { exit; } with something that instead has a list of allowable characters. I prefer the 'explicit allow' approach to security code. if ($input !~ /[\w, ,-]/) { exit; } I'll probably also hack in some output filtering to reduce the amount of information given out. ftp.technet.sg:/pub/unix/bsdi/rfingerd.tgz Other finger daemons: GNU finger prep.ai.mit.edu: /pub/gnu/finger-1.37.tar.gz icsi.brkeley.edu:/pub/stolcke/icsi-finger-1.0.23.tar.Z NetBSD f.ms.uky.edu:/pub2/NetBSD/NetBSD-current/src/libexec/fingerd/ Linux mcsun.eu.net:/os/linux/util/networking/net-2/sources/fingerd/fingerd-560.tar.z mcsun.eu.net:/os/linux/util/networking/net-2/sources/finger/finger-522.tar.z
Current thread:
- Re: Internet Worm, (continued)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
- Re: Internet Worm F. L. Charles Seeger III (Oct 19)
- Re: Internet Worm Darragh Nagle (Oct 19)
- Re: Internet Worm Gene Spafford (Oct 19)
- Re: Internet Worm jim () Tadpole COM (Oct 19)
- Re: Internet Worm F. L. Charles Seeger III (Oct 20)
- Re: Internet Worm smb () research att com (Oct 19)
- R utilities, addresses, etc. Charles Howes (Oct 20)
- Re: R utilities, addresses, etc. Alexander L. Haiut (Oct 20)
- Re: R utilities, addresses, etc. Charles Howes (Oct 21)
- Fingerd Summary Adam Shostack (Oct 20)
- Re: Fingerd Summary Stephen Gildea (Oct 21)
- Re: Fingerd Summary Adam Shostack (Oct 21)
- Re: Fingerd Summary KevinTX (Oct 21)
- R utilities, addresses, etc. Charles Howes (Oct 20)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
- access(2)--a security hole? Jonathan M. Bresler (Oct 20)
- Re: access(2)--a security hole? Justin Mason (Oct 21)
- Re: access(2)--a security hole? Dave Goldberg (Oct 21)
- Re: access(2)--a security hole? Karl Strickland (Oct 21)
- Re: access(2)--a security hole? Julian Assange (Oct 21)
- Re: access(2)--a security hole? John DiMarco (Oct 21)
- Re: access(2)--a security hole? jmc () gnu ai mit edu (Oct 21)