diff options
author | obrien <obrien@FreeBSD.org> | 1999-05-08 00:46:06 +0000 |
---|---|---|
committer | obrien <obrien@FreeBSD.org> | 1999-05-08 00:46:06 +0000 |
commit | 228630557e264fa21523fca2b99e3adb69518f69 (patch) | |
tree | 8fc4bf3481272909ee2970d66818dd1836a1f400 /usr.bin/finger | |
parent | 4f9e07b1eda52b7cb82d30035cc56eb06b2ab297 (diff) | |
download | FreeBSD-src-228630557e264fa21523fca2b99e3adb69518f69.zip FreeBSD-src-228630557e264fa21523fca2b99e3adb69518f69.tar.gz |
Impliment elements of TCP Wrappers's `safe_finger'.
* if run by root (or root process) drop privs
* ensure output size is not infinate (net finger only)
* ensure output lines are not infinate in length (net finger only)
* do not allow finger client to run longer than 3 minutes (net finger only)
Diffstat (limited to 'usr.bin/finger')
-rw-r--r-- | usr.bin/finger/finger.c | 13 | ||||
-rw-r--r-- | usr.bin/finger/finger.h | 6 | ||||
-rw-r--r-- | usr.bin/finger/net.c | 29 |
3 files changed, 46 insertions, 2 deletions
diff --git a/usr.bin/finger/finger.c b/usr.bin/finger/finger.c index 091ac16..8a2cb2b 100644 --- a/usr.bin/finger/finger.c +++ b/usr.bin/finger/finger.c @@ -55,7 +55,7 @@ static char copyright[] = static char sccsid[] = "@(#)finger.c 8.5 (Berkeley) 5/4/95"; #else static const char rcsid[] = - "$Id$"; + "$Id: finger.c,v 1.12 1997/07/02 06:34:48 charnier Exp $"; #endif #endif /* not lint */ @@ -154,6 +154,17 @@ main(argc, argv) { int envargc, argcnt; char *envargv[3]; + struct passwd *pw; + + if (getuid() == 0 || geteuid() == 0) { + if ((pw = getpwnam(UNPRIV_NAME)) && pw->pw_uid > 0) { + setgid(pw->pw_gid); + setuid(pw->pw_uid); + } else { + setgid(UNPRIV_UGID); + setuid(UNPRIV_UGID); + } + } (void) setlocale(LC_ALL, ""); diff --git a/usr.bin/finger/finger.h b/usr.bin/finger/finger.h index b8538fa..a3209cb 100644 --- a/usr.bin/finger/finger.h +++ b/usr.bin/finger/finger.h @@ -34,6 +34,7 @@ * SUCH DAMAGE. * * @(#)finger.h 8.1 (Berkeley) 6/6/93 + * $Id$ */ typedef struct person { @@ -62,4 +63,9 @@ typedef struct where { char host[UT_HOSTSIZE+1]; /* null terminated remote host name */ } WHERE; +#define UNPRIV_NAME "nobody" /* Preferred privilege level */ +#define UNPRIV_UGID 32767 /* Default uid and gid */ +#define OUTPUT_MAX 100000 /* Do not keep listinging forever */ +#define TIME_LIMIT 360 /* Do not keep listinging forever */ + #include "extern.h" diff --git a/usr.bin/finger/net.c b/usr.bin/finger/net.c index 7d7b25c..c4698b4 100644 --- a/usr.bin/finger/net.c +++ b/usr.bin/finger/net.c @@ -39,7 +39,7 @@ static char sccsid[] = "@(#)net.c 8.4 (Berkeley) 4/28/95"; #else static const char rcsid[] = - "$Id: net.c,v 1.9 1997/08/01 20:10:44 wollman Exp $"; + "$Id: net.c,v 1.10 1998/06/09 04:30:40 imp Exp $"; #endif #endif /* not lint */ @@ -58,12 +58,23 @@ static const char rcsid[] = #include <ctype.h> #include <string.h> #include <sys/uio.h> +#include <signal.h> +#include <limits.h> #include "finger.h" void +cleanup(sig) + int sig; +{ + exit(0); +} + +void netfinger(name) char *name; { + int cnt; + int line_len; extern int lflag; extern int Tflag; register FILE *fp; @@ -80,6 +91,8 @@ netfinger(name) if (!(host = rindex(name, '@'))) return; *host++ = '\0'; + signal(SIGALRM, cleanup); + (void) alarm(TIME_LIMIT); if (isdigit(*host) && (defaddr.s_addr = inet_addr(host)) != -1) { def.h_name = host; def.h_addr_list = alist; @@ -152,7 +165,14 @@ netfinger(name) */ lastc = 0; if ((fp = fdopen(s, "r")) != NULL) { + cnt = 0; + line_len = 0; while ((c = getc(fp)) != EOF) { + if (++cnt > OUTPUT_MAX) { + printf("\n\n Output truncated at %d bytes...\n", + cnt - 1); + break; + } if (c == 0x0d) { if (lastc == '\r') /* ^M^M - skip dupes */ continue; @@ -171,6 +191,13 @@ netfinger(name) } } putchar(c); + if (c != '\n' && ++line_len > _POSIX2_LINE_MAX) { + putchar('\\'); + putchar('\n'); + lastc = '\r'; + } + if (lastc == '\n' || lastc == '\r') + line_len = 0; } if (lastc != '\n') putchar('\n'); |