From sa2c@berkeley.us.and.or.jp  Mon Oct  2 11:42:05 2000
Return-Path: <sa2c@berkeley.us.and.or.jp>
Received: from berkeley.us.and.or.jp (berkeley.us.and.or.jp [210.136.4.34])
	by hub.freebsd.org (Postfix) with ESMTP id 6FE1937B66D
	for <FreeBSD-gnats-submit@freebsd.org>; Mon,  2 Oct 2000 11:42:04 -0700 (PDT)
Received: (from sa2c@localhost)
	by berkeley.us.and.or.jp (8.11.0/8.11.0) id e92IfvX61007;
	Tue, 3 Oct 2000 03:41:57 +0900 (JST)
	(envelope-from sa2c)
Message-Id: <200010021841.e92IfvX61007@berkeley.us.and.or.jp>
Date: Tue, 3 Oct 2000 03:41:57 +0900 (JST)
From: sa2c@and.or.jp
Sender: sa2c@berkeley.us.and.or.jp
Reply-To: sa2c@and.or.jp
To: FreeBSD-gnats-submit@freebsd.org
Subject: enabling fingerd makes files world readable
X-Send-Pr-Version: 3.2

>Number:         21704
>Category:       bin
>Synopsis:       enabling fingerd makes files world readable
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 02 11:50:00 PDT 2000
>Closed-Date:    Mon Oct 2 15:27:47 PDT 2000
>Last-Modified:  Mon Oct 02 15:28:05 PDT 2000
>Originator:     NIIMI Satoshi
>Release:        FreeBSD 4.1.1-RELEASE i386
>Organization:
>Environment:

FreeBSD berkeley.us.and.or.jp 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE #0: Wed Sep 27 00:28:17 JST 2000     sa2c@berkeley.us.and.or.jp:/usr/obj/usr/src/sys/GENERIC  i386

>Description:

If finger takes a full path name as the user name, it prints out the
contents of that file.  Because fingerd executes finger as the local
information provider, finger /path/to/file@some.host prints
/path/to/file at some.host.

>How-To-Repeat:

finger /path/to/file@some.host

>Fix:

Index: finger.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/finger/finger.c,v
retrieving revision 1.15.2.3
diff -u -r1.15.2.3 finger.c
--- finger.c	2000/09/15 21:51:00	1.15.2.3
+++ finger.c	2000/10/02 18:04:06
@@ -318,26 +318,19 @@
 
 	/*
 	 * Traverse the list of possible login names and check the login name
-	 * and real name against the name specified by the user. If the name
-	 * begins with a '/', try to read the file of that name instead of
-	 * gathering the traditional finger information.
+	 * and real name against the name specified by the user.
 	 */
 	if (mflag)
 		for (p = argv; *p; ++p) {
-			if (**p != '/' || !show_text("", *p, "")) {
-				if (((pw = getpwnam(*p)) != NULL) && !hide(pw))
-					enter_person(pw);
-			   	else
-					warnx("%s: no such user", *p);
-			}
+			if (((pw = getpwnam(*p)) != NULL) && !hide(pw))
+				enter_person(pw);
+			else
+				warnx("%s: no such user", *p);
 		}
 	else {
 		while ((pw = getpwent()) != NULL) {
 			for (p = argv, ip = used; *p; ++p, ++ip)
-				if (**p == '/' && *ip != 1
-				    && show_text("", *p, ""))
-					*ip = 1;
-				else if (match(pw, *p) && !hide(pw)) {
+				if (match(pw, *p) && !hide(pw)) {
 					enter_person(pw);
 					*ip = 1;
 				}
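
Review bot: Deleting the leading-'/' test from both loops (the `if (mflag)` loop and the `getpwent()` loop) removes the file display for every caller, including a user running finger locally, while the report describes the exposure as arriving through fingerd. If the local behaviour is meant to survive, the check needs to be made conditional on how finger was invoked rather than deleted. If it is meant to go entirely, say so in the commit message and remove any description of the '/' form from the manual page in the same change. Both show_text() calls in this hunk are gone, so also confirm the function still has callers elsewhere in finger and is not left as dead code. With the test removed, a name beginning with '/' now falls through to getpwnam() in the mflag branch and reports "no such user", which looks like the right outcome.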

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: brian 
State-Changed-When: Mon Oct 2 15:27:47 PDT 2000 
State-Changed-Why:  
Fixed in -current and -stable 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21704 
>Unformatted:
