File: README

package info (click to toggle)
ffingerd 1.28-7
  • links: PTS
  • area: main
  • in suites: etch, etch-m68k
  • size: 220 kB
  • ctags: 42
  • sloc: ansic: 324; sh: 319; makefile: 83
file content (110 lines) | stat: -rw-r--r-- 4,274 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
ffingerd - Fefe's small and secure finger daemon

   This finger daemon is meant to be invoked via inetd, just like the
   standard finger daemon.  I wrote this program because the standard
   finger daemon allows several things I don't like, namely :

     evil.com$ finger root@poor.victim.com@innocuous.edu
       - which is like "finger root@poor.victim.com", but the finger
         originates from innocuous.edu instead of evil.com
     evil.com$ finger @poor.victim.com
       - which lists all the users logged into poor.victim.com, so an
	 intruder can look whether someone is logged in who could detect
	 his intrusion
     evil.com$ finger luser@poor.victim.com
     Login: luser                            Name: J. Random Luser
     Directory: /home/luser                  Shell: /bin/sh
     Last login Thu Nov  2 01:49 (MET DST) on ttyp3 from other.victim.com
     No mail.
     No Plan.
       - Why should finger give away the home directory and the login shell
         of all the lusers ?  The "Last login" information should not be
	 given away, too, as it can be used to find seldom used accounts
	 which can safely be cracked into.  I don't think we should tell
	 the fingeree whether luser has mail.

  This is this finger daemon's output:
    evil.com$ finger root@poor.victim.com@innocuous.edu
    [innocuous.edu]
    Sorry, we do not support indirect finger queries.
    evil.com$ finger @poor.victim.com
    [poor.victim.com]
    Sorry, we do not support empty finger queries for security reasons.
    evil.com$ finger luser@poor.victim.com
    [poor.victim.com]
    Login: luser                              Name: J. Random Luser
    No project.
    No plan.
    No public key.
    evil.com$ finger root@poor.victim.com
    [poor.victim.com]
    That user does not want to be fingered

  That last message appears when the fingered user has the file
  ".nofinger" in his home.  The PGP public key is the file ".pubkey"
  which is treated just like the ".plan" file.

  Fingerd creates several syslog messages if something suspicious
  happens :

  Nov  3 19:13:21 xorn fingerd[1033]: attempt to finger root from 127.0.0.1 
  Nov  3 19:14:12 xorn fingerd[1052]: empty finger attempt from 127.0.0.1 
  Nov  3 19:15:53 xorn fingerd[1077]: indirect finger attempt at root@localhost from 127.0.0.1 
  Aug 26 00:51:11 xorn syslog: file "/home/leitner/.plan" is a symbolic link to "/etc/shadow"! 


tcpserver/daemontools:
  If you configure with "--enable-daemontools" ffingerd will be
  compiled for use with daemontools and tcpserver. See
  http://cr.yp.to/ucspi-tcp.html and http://cr.yp.to/daemontools.html
  This means it will rely on tcpserver for doing hostname lookup and
  so on and will log to stderr for use with multilog instead of using syslog.

  You will start ffingerd quick and dirty with something like

     /usr/local/bin/tcpserver 0.0.0.0 finger \ 
     softlimit -d 100000 -s 100000 setuidgid nobody /usr/local/libexec/ffingerd \
     2>&1 | multilog t /var/log/finger/

  This will bind at all your Interfaces to the finger port and run
  at an incomming connection ffingerd as user nobody and a limit of
  100 kb for it's data ans stack segment. Logging will be done to
  /var/log/finger/. tcpserver will restrict paralell incomming
  connections to 40 and multilog will keep 10 logfiles of 1 MB
  each.

  To watch ffingerd at work try 
    
    tail -f /var/log/finger/current | tai64nlocal 
  
  If you want extra savety and coolness create a special user for
  ffingerd and run tcpserver under supervise.


Credits:
  Felix von Leitner <felix@fefe.de>
  [Fefe] wrote ffingerd and the gruesome install.conf script.

  Andreas Bogk <bogk@inf.fu-berlin.de> wrote the Autoconfig support
  (have a look at configure.in and you can see why I am very grateful
   for that !)

  I took the IPv6 patch from the Debian people, but several people sent
  diffs (see NEWS).

  Doobee <drt@ailis.de> contributed support for daemontools and
  tcpserver and did a code cleanup.

Tests:
  This daemon was tested and worked ok under :

    Linux
    Linux/ELF
    HP-UX 9 on 700,800 and 300 series HP's
    IRIX 5
    NeXTSTEP 3
    Solaris 2
    SunOS 4
    AIX 3
    Even the very pinnacle of technical evolution, Control Data EP/IX, works.