From otis@remedy.wilbury.sk  Wed Feb 15 14:05:18 2006
Return-Path: <otis@remedy.wilbury.sk>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8C7A716A420
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 15 Feb 2006 14:05:18 +0000 (GMT)
	(envelope-from otis@remedy.wilbury.sk)
Received: from remedy.wilbury.sk (remedy.wilbury.sk [217.73.27.10])
	by mx1.FreeBSD.org (Postfix) with SMTP id A46EA43D8C
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 15 Feb 2006 14:05:17 +0000 (GMT)
	(envelope-from otis@remedy.wilbury.sk)
Received: (qmail 65020 invoked by uid 1000); 15 Feb 2006 14:05:15 -0000
Message-Id: <20060215140515.65019.qmail@remedy.wilbury.sk>
Date: 15 Feb 2006 14:05:15 -0000
From: Juraj Lutter <otis@sk.FreeBSD.org>
Reply-To: Juraj Lutter <otis@sk.FreeBSD.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: <uhlar@nextra.sk>
Subject: inetd's internal auth service allows use of ~/.fakeid
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         93391
>Category:       bin
>Synopsis:       inetd's internal auth service allows use of ~/.fakeid
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 15 14:10:04 GMT 2006
>Closed-Date:    Sun Feb 19 18:05:35 GMT 2006
>Last-Modified:  Sun Feb 19 18:05:35 GMT 2006
>Originator:     Juraj Lutter
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD remedy.wilbury.sk 5.4-STABLE FreeBSD 5.4-STABLE #0: Sun Jul 17 13:16:48 CEST 2005 root@remedy.wilbury.sk:/usr/obj/usr/src/sys/remedy i386


>Description:
	default settings of inetd allows users to use ~/.fakeid file to change
	IDENT server replies.

>How-To-Repeat:
	use "-r" flag (as in default inetd config) to "auth" internal service

>Fix:

	remove "-r" and probably "-n", too from default inetd.conf



>Release-Note:
>Audit-Trail:

From: Juraj Lutter <otis@sk.FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Cc:  
Subject: Re: bin/93391: inetd's internal auth service allows use of ~/.fakeid
Date: Wed, 15 Feb 2006 17:23:16 +0100

 On Wed, Feb 15, 2006 at 02:10:05PM +0000, FreeBSD-gnats-submit@FreeBSD.org wrote:
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=93391
 > 
 > >Category:       bin
 > >Responsible:    freebsd-bugs
 > >Synopsis:       inetd's internal auth service allows use of ~/.fakeid
 > >Arrival-Date:   Wed Feb 15 14:10:04 GMT 2006
 
 Hrm, it's "-f" which should be removed or at least avoided, "-r"
 should be kept in order to return proper usernames. Shame on me!
 
 -- 
 Juraj Lutter                          |  /\  ASCII Ribbon Campaign
 otis (at) wilbury.sk                  |  \/  - NO HTML/RTF in e-mail
 http://www.wilbury.sk/                |  /\  - NO Word docs in e-mail
State-Changed-From-To: open->closed 
State-Changed-By: ceri 
State-Changed-When: Sun Feb 19 18:03:49 UTC 2006 
State-Changed-Why:  
This isn't a bug, or even a real problem. 
The default inetd.conf has everything commented out, there are five 
examples for the auth service, and the one that the submitter is unhappy 
about is clearly documented one live above it as providing ~/.fakeid 
support, so the '-r' kind of fits with that statement. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=93391 
>Unformatted:
