From d2e4ea2a51f8a2a0913c16ac5473eaa3f7cdd033 Mon Sep 17 00:00:00 2001 From: Diomidis Spinellis Date: Mon, 19 Sep 2005 10:11:47 +0000 Subject: [PATCH] Setting .nofinger will not hide you from root. --- usr.bin/finger/extern.h | 1 + usr.bin/finger/finger.1 | 1 + usr.bin/finger/finger.c | 2 ++ usr.bin/finger/util.c | 3 ++- 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/usr.bin/finger/extern.h b/usr.bin/finger/extern.h index 38552094ac7b..29f35994fa77 100644 --- a/usr.bin/finger/extern.h +++ b/usr.bin/finger/extern.h @@ -48,6 +48,7 @@ extern time_t now; extern int oflag; extern int pplan; /* don't show .plan/.project */ extern int Tflag; +extern int invoker_root; /* Invoked by root */ void enter_lastlog(PERSON *); PERSON *enter_person(struct passwd *); diff --git a/usr.bin/finger/finger.1 b/usr.bin/finger/finger.1 index 1ef35d6e4d81..a49c702f4b44 100644 --- a/usr.bin/finger/finger.1 +++ b/usr.bin/finger/finger.1 @@ -202,6 +202,7 @@ option is the only option that may be passed to a remote machine. If the file .Pa .nofinger exists in the user's home directory, +and the program is not run with superuser privileges, .Nm behaves as if the user in question does not exist. .Pp diff --git a/usr.bin/finger/finger.c b/usr.bin/finger/finger.c index bcba85f714d2..5223c7dd66e5 100644 --- a/usr.bin/finger/finger.c +++ b/usr.bin/finger/finger.c @@ -95,6 +95,7 @@ int entries, gflag, kflag, lflag, mflag, pplan, sflag, oflag, Tflag; sa_family_t family = PF_UNSPEC; int d_first = -1; char tbuf[1024]; +int invoker_root = 0; static void loginlist(void); static int option(int, char **); @@ -168,6 +169,7 @@ main(int argc, char **argv) static char myname[] = "finger"; if (getuid() == 0 || geteuid() == 0) { + invoker_root = 1; if ((pw = getpwnam(UNPRIV_NAME)) && pw->pw_uid > 0) { setgid(pw->pw_gid); setuid(pw->pw_uid); diff --git a/usr.bin/finger/util.c b/usr.bin/finger/util.c index 3ac5a068331c..a84c711745c7 100644 --- a/usr.bin/finger/util.c +++ b/usr.bin/finger/util.c @@ -408,6 +408,7 @@ userinfo(PERSON *pn, struct passwd *pw) /* * Is this user hiding from finger? * If ~/.nofinger exists, return 1 (hide), else return 0 (nohide). + * Nobody can hide from root. */ int @@ -416,7 +417,7 @@ hide(struct passwd *pw) struct stat st; char buf[MAXPATHLEN]; - if (!pw->pw_dir) + if (invoker_root || !pw->pw_dir) return 0; snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir, _PATH_NOFINGER);