[54] in bugtraq


Fingerd Summary

daemon@ATHENA.MIT.EDU (Adam Shostack)
Thu Oct 20 16:58:24 1994

From: Adam Shostack <adam@bwh.harvard.edu>
To: bugtraq@crimelab.com
Date: Thu, 20 Oct 94 14:48:53 EDT

	About two weeks ago, I posted asking for versions of finger
that did logging and filtering.

	In the end, I found 7 versions of fingerd.  I'll provide brief
comments on each, as well as where I found it (or where you can get
it.)  GNU finger is too large.  Andreas Stolcke made some changes &
improvements, including some logging, but it's still too big for my
comfort.  I'm including pointers to NetBSD and Linux implementations
to be complete.  Neither does any logging.

	There are three replacements which I felt did what I asked
for, which was logging and filtering.


	* Sfingerd is the most restrictive of the three, using a
chrooted directory to provide access to plan files etc.  Uses syslog.
800 lines.  hplyot.obspm.fr:/net/sfingerd-1.8.tar.gz


	* fingerd-1.0 handles extensive logging via syslog, ident
lookups, controls forwarding.  The code is small enough to be walked
through & verified.  850 lines.
kiwi.foobar.com:/pub/fingerd-1.0.tar.gz 


	* rfingerd is a *very* small perl program that uses its own
logfile to trap the log information.  Easy to hook in output filters
in perl.  143 lines.  I'm probably going to be using rfingerd after
making some modifications.  My main modification will be to replace
the line:

  if ($input =~ /[!,@,#,$,%,^,&,*,(,),_,-,+,=,,,|]/) { exit; }

with something that instead has a list of allowable characters.  I
prefer the 'explicit allow' approach to security code.

  # anchored so every character must be allowed; trailing CR/LF tolerated
  if ($input !~ /^[\w, -]*\s*$/) { exit; }

	I'll probably also hack in some output filtering to reduce the
amount of information given out.

ftp.technet.sg:/pub/unix/bsdi/rfingerd.tgz

	Other finger daemons:

GNU finger
prep.ai.mit.edu: /pub/gnu/finger-1.37.tar.gz
icsi.brkeley.edu:/pub/stolcke/icsi-finger-1.0.23.tar.Z

NetBSD
f.ms.uky.edu:/pub2/NetBSD/NetBSD-current/src/libexec/fingerd/

Linux
mcsun.eu.net:/os/linux/util/networking/net-2/sources/fingerd/fingerd-560.tar.z
mcsun.eu.net:/os/linux/util/networking/net-2/sources/finger/finger-522.tar.z
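
The three kinds of input test discussed above (a deny-list, a test for at least one allowed character, and a test that every character is allowed), run side by side as an added example that is not part of the original post or of rfingerd. The sub names and the sample requests are constructed for illustration, and the deny-list is written with each character escaped rather than copied verbatim from the post.

```perl
#!/usr/bin/perl
# Added example (not rfingerd code): compare a deny-list check with two
# allow-list checks on constructed finger request lines.
use strict;
use warnings;

# Deny-list: the characters named in the original test, each escaped so
# that Perl treats it literally.
sub deny_list_ok    { my ($in) = @_; return $in !~ /[!,\@#\$%^&*()_\-+=|]/ ? 1 : 0; }

# Unanchored allow-list: passes as soon as ONE allowed character appears.
sub loose_allow_ok  { my ($in) = @_; return $in =~ /[\w, -]/ ? 1 : 0; }

# Anchored allow-list: EVERY character must be in the set.
# An empty request (list logged-in users) is accepted.
sub strict_allow_ok { my ($in) = @_; return $in =~ /\A[\w, -]*\z/ ? 1 : 0; }

# Strip the CRLF line terminator used by the finger protocol before checking.
sub clean { my ($line) = @_; $line =~ s/\r?\n\z//; return $line; }

# Constructed sample requests, as they would arrive on the wire.
my @samples = ("adam\r\n", "\r\n", "adam smith\r\n", "adam\@otherhost\r\n",
               "adam;x\r\n", "../adam\r\n", "adam\tx\r\n");

printf "%-18s %5s %6s %7s\n", 'request', 'deny', 'loose', 'strict';
for my $raw (@samples) {
    my $in = clean($raw);
    # Make non-printable bytes visible in the report.
    (my $shown = $in) =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    my @verdicts = map { $_->($in) ? 'pass' : 'exit' }
                   \&deny_list_ok, \&loose_allow_ok, \&strict_allow_ok;
    printf "%-18s %5s %6s %7s\n", "'$shown'", @verdicts;
}
```

Only the anchored test rejects the requests containing `;`, `../` or a tab; the unanchored test also lets the `user@host` forwarding form through and rejects the empty request.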

