File: README.noroot

package info (click to toggle)
cfingerd 1.4.3-1.2
  • links: PTS
  • area: main
  • in suites: etch, etch-m68k, sarge
  • size: 636 kB
  • ctags: 437
  • sloc: ansic: 3,706; perl: 502; makefile: 166; sh: 72
file content (45 lines) | stat: -rw-r--r-- 2,328 bytes parent folder | download | duplicates (11) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
Run from nobody and other security issues that came to my mind

If you want run CFINGERD with no root priviledges at all (for
security's sake - you are wise and do not trust programmers), you are
free to do it.  Just edit your inetd.conf and run it as nobody.

finger	stream	tcp	nowait	nobody	/usr/sbin/tcpd	/usr/sbin/in.cfingerd

Of course you should take care about a few more things.  CFINGERD will
need to read its config files.  So you have to set their modes
accordingly (i.e. world readable) Alternatively they could be owned by
nobody, but no file should be owned by nobody).  You will probably
want to turn off some of ALLOW_USERLOG, ALLOW_FINGER_LOGGING,
ONLY_CREATE_FINGERLOG_IF_FILE_EXISTS.  Bear in mind that CFINGERD
tries to write to several files if you leave something enabled.  These
files would need to be owned by nobody or be world writable.  Both
should be avoided.

If CFINGERD runs as root all priviledges are droppped before
displaying user files.  if ALLOW_EXECUTION is set, programs called
from user files are executed as that particular user, programs called
from within system files are executed as user "nobody".

files are parsed to be executed - as that user.  In global files
priviledges are also dropped before execution.  If you don't like this
and want some fancy headers with actual date and time and weather
forecast for the day, you should set ALLOW_ROOT_EXEC.  You still can
use $time, $date, $ident etc.  Just don't use external programs.

If you are very picky about security and like "security through
obscurity" you want to turn off ALLOW_CONFESSION.  It might be more
verbose than you want (you know, help@, version@ etc), imho, but it is
still your choice.  ALLOW_CONFESSION is enabled in the default
cfingerd.conf.

There were some "noroot" versions of CFINNGERD 1.3.2.  The original
noroot patch probably did nothing but changing comments and macro
names, if you look at it.  It run as nobody, though, so nothing more
was needed.  More "noroot" patches were part of Debian patch fighting
the $exec design flaw - the first time CFINGERD thought it is putting
back root privs, it really dropeed it away.  This came with some flaws
since more than nobody's privs are needed to read .cfingerrc files,
assuming normal operations.

Tadek Knapik <tadek@nautilus.uwoj.krakow.pl> and Joey