[14712] in bugtraq
Re: fingerd
daemon@ATHENA.MIT.EDU (Brock Sides)
Fri Apr 28 17:09:01 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.10004271401280.8613-100000@koala.towery.com>
Date: Thu, 27 Apr 2000 14:13:55 -0500
Reply-To: Brock Sides <bsides@TOWERY.COM>
From: Brock Sides <bsides@TOWERY.COM>
X-To: Psarras Nikos <psarnik@IT.TEITHE.GR>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.SGI.4.05.10004271354520.14265-100000@aetos.it.teithe.gr>
I have attempted to confirm this, and failed, for Irix 6.3, 6.4, and
6.5.7m. In all cases, if the .plan file is symlinked to /etc/shadow, a
remote finger, or a local finger by any user other than root, returns "No
Plan."
Based on a little experimentation, it appears that Irix fingerd drops
privileges to those of "guest" before reading .plan files.
--
Brock Sides
Unix Systems Administration
Towery Publishing
bsides@towery.com
On Thu, 27 Apr 2000, Psarras Nikos wrote:
> I am new on the list so i dont know if you knew that.
>
> On Irix 6.4 with all patches installed the fingerd seems to like to
> display the shadow file to all users.
>
> >ln -s /etc/shadow /path/user/.plan
> >finger user@irix64.show.shadow
>
>
> This feature was found by a student -Zanikolas Serafim- while he was
> reading a 9 years old system administrator's book.
>
> Psarras Nicholas
>
