ffingerd-1.28-4mdk.i586.rpm

ffingerd - Fefe's small and secure finger daemon

   This finger daemon is meant to be invoked via inetd, just like the
   standard finger daemon.  I wrote this program because the standard
   finger daemon allows several things I don't like, namely :

     evil.com$ finger root@poor.victim.com@innocuous.edu
       - which is like "finger root@poor.victim.com", but the finger
         originates from innocuous.edu instead of evil.com
     evil.com$ finger @poor.victim.com
       - which lists all the users logged into poor.victim.com, so an
         intruder can check whether someone is logged in who could detect
         his intrusion
     evil.com$ finger luser@poor.victim.com
     Login: luser                            Name: J. Random Luser
     Directory: /home/luser                  Shell: /bin/sh
     Last login Thu Nov  2 01:49 (MET DST) on ttyp3 from other.victim.com
     No mail.
     No Plan.
       - Why should finger give away the home directory and the login shell
         of all the lusers ?  The "Last login" information should not be
         given away either, as it can be used to find seldom used accounts
         which can safely be cracked into.  I don't think we should tell
         the fingeree whether luser has mail.

  This is this finger daemon's output:
    evil.com$ finger root@poor.victim.com@innocuous.edu
    [innocuous.edu]
    Sorry, we do not support indirect finger queries.
    evil.com$ finger @poor.victim.com
    [poor.victim.com]
    Sorry, we do not support empty finger queries for security reasons.
    evil.com$ finger luser@poor.victim.com
    [poor.victim.com]
    Login: luser                              Name: J. Random Luser
    No project.
    No plan.
    No public key.
    evil.com$ finger root@poor.victim.com
    [poor.victim.com]
    That user does not want to be fingered

  That last message appears when the fingered user has the file
  ".nofinger" in his home directory.  The PGP public key is the file
  ".pubkey", which is treated just like the ".plan" file.

  Fingerd creates several syslog messages if something suspicious
  happens :

  Nov  3 19:13:21 xorn fingerd[1033]: attempt to finger root from 127.0.0.1 
  Nov  3 19:14:12 xorn fingerd[1052]: empty finger attempt from 127.0.0.1 
  Nov  3 19:15:53 xorn fingerd[1077]: indirect finger attempt at root@localhost from 127.0.0.1 
  Aug 26 00:51:11 xorn syslog: file "/home/leitner/.plan" is a symbolic link to "/etc/shadow"! 
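
  The checks behind those refusals and the symbolic link warning can be
  sketched as follows. This is an added example, not ffingerd's own source;
  the names classify_query, open_user_file and the Q_* verdicts are
  hypothetical, and the "/W" switch is the verbose flag from RFC 1288.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum verdict { Q_OK, Q_EMPTY, Q_INDIRECT, Q_BADNAME }; /* hypothetical names */

/* Classify one request line as the client sent it (CRLF terminated).
   On Q_OK the bare user name is copied into user[cap]. */
enum verdict classify_query(const char *line, char *user, size_t cap)
{
    while (*line == ' ') line++;
    if (line[0] == '/' && (line[1] == 'W' || line[1] == 'w')) line += 2;
    while (*line == ' ') line++;              /* RFC 1288 "/W" switch skipped */
    size_t n = strcspn(line, "\r\n");
    if (n == 0) return Q_EMPTY;               /* "finger @host": user listing */
    if (memchr(line, '@', n)) return Q_INDIRECT;  /* "user@other": forwarding */
    if (n >= cap) return Q_BADNAME;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)line[i];
        int ok = isalnum(c) || c == '_' || (i > 0 && (c == '-' || c == '.'));
        if (!ok) return Q_BADNAME;            /* no '/', no leading '.' */
    }
    memcpy(user, line, n);
    user[n] = '\0';
    return Q_OK;
}

/* Open home/name (".plan", ".project", ".pubkey") for reading. Returns a
   descriptor, or -1 if the file is missing, a symlink, or not a regular file. */
int open_user_file(const char *home, const char *name)
{
    char path[4096];
    struct stat st;
    int len = snprintf(path, sizeof path, "%s/%s", home, name);
    if (len < 0 || (size_t)len >= sizeof path) return -1;
    /* O_NOFOLLOW: fail instead of following a symlink in the last path
       component. O_NONBLOCK: do not hang if a user planted a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}
```

  Checking the file type with fstat() on the already opened descriptor,
  rather than lstat() on the path before opening, leaves no window in which
  the user can swap the file for a link.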


tcpserver/daemontools:
  If you configure with "--enable-daemontools", ffingerd will be
  compiled for use with daemontools and tcpserver. See
  http://cr.yp.to/ucspi-tcp.html and http://cr.yp.to/daemontools.html .
  This means it will rely on tcpserver for doing hostname lookup and
  so on, and will log to stderr for use with multilog instead of using syslog.

  A quick and dirty way to start ffingerd is something like

     /usr/local/bin/tcpserver 0.0.0.0 finger \
     softlimit -d 100000 -s 100000 setuidgid nobody /usr/local/libexec/ffingerd \
     2>&1 | multilog t /var/log/finger/

  This will bind to the finger port on all your interfaces and, for
  each incoming connection, run ffingerd as user nobody with a limit of
  100 kb for its data and stack segments. Logging will be done to
  /var/log/finger/. tcpserver will restrict parallel incoming
  connections to 40 and multilog will keep 10 logfiles of 1 MB
  each.

  To watch ffingerd at work, try

    tail -f /var/log/finger/current | tai64nlocal

  If you want extra safety and coolness, create a special user for
  ffingerd and run tcpserver under supervise.


Credits:
  Felix von Leitner <felix@fefe.de>
  [Fefe] wrote ffingerd and the gruesome install.conf script.

  Andreas Bogk <bogk@inf.fu-berlin.de> wrote the Autoconfig support
  (have a look at configure.in and you can see why I am very grateful
   for that !)

  I took the IPv6 patch from the Debian people, but several people sent
  diffs (see NEWS).

  Doobee <drt@ailis.de> contributed support for daemontools and
  tcpserver and did a code cleanup.

Tests:
  This daemon was tested and worked ok under :

    Linux
    Linux/ELF
    HP-UX 9 on 700,800 and 300 series HP's
    IRIX 5
    NeXTSTEP 3
    Solaris 2
    SunOS 4
    AIX 3
    Even the very pinnacle of technical evolution, Control Data EP/IX, works.