[2462] in bugtraq
Re: rpc.ypupdated
daemon@ATHENA.MIT.EDU (Martin Hamilton)
Sun Dec 17 20:18:42 1995
Date: Sat, 16 Dec 1995 14:12:01 +0000
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Martin Hamilton <martin@mrrl.lut.ac.uk>
X-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: Your message of "Sat, 16 Dec 1995 00:17:48 GMT."
<m0tQkJw-000BzfC@bootes.cus.cam.ac.uk>
John Line writes:
| Er... what if the remote site's fingerd returns output which uses UCB mail's
| ~-escapes to run commands, or amend the headers and mail "interesting" files
| somewhere? [I don't think I'll stick my neck out in this forum and risk
| any suggestions about better ways to send the mail! :-)]
How about "safe_finger" ? (from the TCP wrapper distribution... ;-)
* safe_finger - finger client wrapper that protects against nasty stuff
* from finger servers. Use this program for automatic reverse finger
* probes, not the raw finger command.
*
* Build with: cc -o safe_finger safe_finger.c
*
* The problem: some programs may react to stuff in the first column. Other
* programs may get upset by thrash anywhere on a line. File systems may
* fill up as the finger server keeps sending data. Text editors may bomb
* out on extremely long lines. The finger server may take forever because
* it is somehow wedged. The code below takes care of all this badness.
*
* Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
Cheerio,
Martin
