1 /*
2 * safe_finger - finger client wrapper that protects against nasty stuff
3 * from finger servers. Use this program for automatic reverse finger
4 * probes, not the raw finger command.
5 *
6 * Build with: cc -o safe_finger safe_finger.c
7 *
8 * The problem: some programs may react to stuff in the first column. Other
9 * programs may get upset by thrash anywhere on a line. File systems may
10 * fill up as the finger server keeps sending data. Text editors may bomb
11 * out on extremely long lines. The finger server may take forever because
12 * it is somehow wedged. The code below takes care of all this badness.
13 *
14 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
15 */
16
17 #ifndef lint
18 static char sccsid[] = "@(#) safe_finger.c 1.4 94/12/28 17:42:41";
19 #endif
20
21 /* System libraries */
22
23 #include <sys/types.h>
24 #include <sys/stat.h>
25 #include <signal.h>
26 #include <stdio.h>
27 #include <ctype.h>
28 #include <pwd.h>
29
30 extern void exit();
31
32 /* Local stuff */
33
34 char path[] = "PATH=/bin:/usr/bin:/usr/ucb:/usr/bsd:/etc:/usr/etc:/usr/sbin";
35
36 #define TIME_LIMIT 60 /* Do not keep listinging forever */
37 #define INPUT_LENGTH 100000 /* Do not keep listinging forever */
38 #define LINE_LENGTH 128 /* Editors can choke on long lines */
39 #define FINGER_PROGRAM "finger" /* Most, if not all, UNIX systems */
40 #define UNPRIV_NAME "nobody" /* Preferred privilege level */
41 #define UNPRIV_UGID 32767 /* Default uid and gid */
42
43 int finger_pid;
44
cleanup(sig)45 void cleanup(sig)
46 int sig;
47 {
48 kill(finger_pid, SIGKILL);
49 exit(0);
50 }
51
52 int
main(argc,argv)53 main(argc, argv)
54 int argc;
55 char **argv;
56 {
57 int c;
58 int line_length = 0;
59 int finger_status;
60 int wait_pid;
61 int input_count = 0;
62 struct passwd *pwd;
63
64 /*
65 * First of all, let's don't run with superuser privileges.
66 */
67 if (getuid() == 0 || geteuid() == 0) {
68 if ((pwd = getpwnam(UNPRIV_NAME)) && pwd->pw_uid > 0) {
69 setgid(pwd->pw_gid);
70 setuid(pwd->pw_uid);
71 } else {
72 setgid(UNPRIV_UGID);
73 setuid(UNPRIV_UGID);
74 }
75 }
76
77 /*
78 * Redirect our standard input through the raw finger command.
79 */
80 if (putenv(path)) {
81 fprintf(stderr, "%s: putenv: out of memory", argv[0]);
82 exit(1);
83 }
84 argv[0] = FINGER_PROGRAM;
85 finger_pid = pipe_stdin(argv);
86
87 /*
88 * Don't wait forever (Peter Wemm <peter@gecko.DIALix.oz.au>).
89 */
90 signal(SIGALRM, cleanup);
91 (void) alarm(TIME_LIMIT);
92
93 /*
94 * Main filter loop.
95 */
96 while ((c = getchar()) != EOF) {
97 if (input_count++ >= INPUT_LENGTH) { /* don't listen forever */
98 fclose(stdin);
99 printf("\n\n Input truncated to %d bytes...\n", input_count - 1);
100 break;
101 }
102 if (c == '\n') { /* good: end of line */
103 putchar(c);
104 line_length = 0;
105 } else {
106 if (line_length >= LINE_LENGTH) { /* force end of line */
107 printf("\\\n");
108 line_length = 0;
109 }
110 if (line_length == 0) { /* protect left margin */
111 putchar(' ');
112 line_length++;
113 }
114 if (isascii(c) && (isprint(c) || isspace(c))) { /* text */
115 if (c == '\\') {
116 putchar(c);
117 line_length++;
118 }
119 putchar(c);
120 line_length++;
121 } else { /* quote all other thash */
122 printf("\\%03o", c & 0377);
123 line_length += 4;
124 }
125 }
126 }
127
128 /*
129 * Wait until the finger child process has terminated and account for its
130 * exit status. Which will always be zero on most systems.
131 */
132 while ((wait_pid = wait(&finger_status)) != -1 && wait_pid != finger_pid)
133 /* void */ ;
134 return (wait_pid != finger_pid || finger_status != 0);
135 }
136
137 /* perror_exit - report system error text and terminate */
138
perror_exit(text)139 void perror_exit(text)
140 char *text;
141 {
142 perror(text);
143 exit(1);
144 }
145
146 /* pipe_stdin - pipe stdin through program (from my ANSI to OLD C converter) */
147
pipe_stdin(argv)148 int pipe_stdin(argv)
149 char **argv;
150 {
151 int pipefds[2];
152 int pid;
153 int i;
154 struct stat st;
155
156 /*
157 * The code that sets up the pipe requires that file descriptors 0,1,2
158 * are already open. All kinds of mysterious things will happen if that
159 * is not the case. The following loops makes sure that descriptors 0,1,2
160 * are set up properly.
161 */
162
163 for (i = 0; i < 3; i++) {
164 if (fstat(i, &st) == -1 && open("/dev/null", 2) != i)
165 perror_exit("open /dev/null");
166 }
167
168 /*
169 * Set up the pipe that interposes the command into our standard input
170 * stream.
171 */
172
173 if (pipe(pipefds))
174 perror_exit("pipe");
175
176 switch (pid = fork()) {
177 case -1: /* error */
178 perror_exit("fork");
179 /* NOTREACHED */
180 case 0: /* child */
181 (void) close(pipefds[0]); /* close reading end */
182 (void) close(1); /* connect stdout to pipe */
183 if (dup(pipefds[1]) != 1)
184 perror_exit("dup");
185 (void) close(pipefds[1]); /* close redundant fd */
186 (void) execvp(argv[0], argv);
187 perror_exit(argv[0]);
188 /* NOTREACHED */
189 default: /* parent */
190 (void) close(pipefds[1]); /* close writing end */
191 (void) close(0); /* connect stdin to pipe */
192 if (dup(pipefds[0]) != 0)
193 perror_exit("dup");
194 (void) close(pipefds[0]); /* close redundant fd */
195 return (pid);
196 }
197 }
198