Modified WHO to guard against DNS cache poisoning

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Modified WHO to guard against DNS cache poisoning

From:	Bill Crowell
Subject:	Modified WHO to guard against DNS cache poisoning
Date:	Wed, 22 Feb 2006 09:14:41 -0500
User-agent:	Mozilla Thunderbird 1.0.6 (X11/20050716)

Attached is the diff output of modifications to who.c vs. source from 5.2.1.

Added are the -n and --ipaddr flags and function to return the IPaddress logged in utmp ut_addr_v6[4] during the socket initialization.This feature provides a mechanism to guard against DNS poisoning as utmpis updated by the incoming socket connection information after passwordverification.

The method of storing and retrieving IP addresses is consistant withOpenSSH's implementation and consistant with security standards.

The choice of -n was to be syntactically similar to netkit and netutilscommands.

The choice of [] was to provide positive delimited parsing boundaries.
The return of 0.0.0.0 indicates that no IP address was stored in utmp.

Functional dependencies. The return of the IP address for telnetconnections is predicated by updates to netkit also submitted by CrowellSystems. Updates to telnetd and login to pass and store the inboundsocket address information based upon the OpenSSH model.


Please contact me with any questions or comments.

Regards,

Bill

--
William G. Crowell, VP & CTO
Crowell Systems
4235 South Stream Blvd Suite 100
Charlotte  NC 28217
704.665.2000 fax 704.665.2180
If it's your turn to save the world, remember to say "Klatoo borada niktu"

--- who_orig.c  2006-02-17 01:34:48.000000000 -0500
+++ who.c       2006-02-22 09:01:55.000000000 -0500
@@ -17,6 +17,13 @@
 
 /* Written by jla; revised by djm; revised again by mstone */
 
+/* Modified by Mike Isely <address@hidden> & Bill Crowell <address@hidden>
+   for Crowell Systems to add the "-n" and "--ipaddr" flags. These output 
flags close
+   a security hole by returning the IP address unconditionally from 
ut_addr_v6[4]
+   of a connected user that was logged upon socket initialization. This is 
consistent with   OpenSSH security by not relying upon DNS to return an address 
thus avoiding DNS
+   cache poisoning. Use of the -n flag to be consistant with other netutils 
output.
+ */
+
 /* Output format:
    name [state] line time [activity] [pid] [comment] [exit]
    state: -T
@@ -28,6 +35,8 @@
 #include <getopt.h>
 #include <stdio.h>
 
+#include <netdb.h>
+
 #include <sys/types.h>
 #include "system.h"
 
@@ -37,7 +46,7 @@
 /* The official name of this program (e.g., no `g' prefix).  */
 #define PROGRAM_NAME "who"
 
-#define AUTHORS "Joseph Arceneaux", "David MacKenzie", "Michael Stone"
+#define AUTHORS "Joseph Arceneaux", "David MacKenzie", "Michael Stone 
(modified by Crowell Systems)"
 
 #ifndef MAXHOSTNAMELEN
 # define MAXHOSTNAMELEN 64
@@ -167,6 +176,9 @@
 /* If nonzero, display info only for the controlling tty */
 static int my_line_only;
 
+/* If true, display the IPv4 address of the user */
+static int use_ipaddr;
+
 /* for long options with no corresponding short option, use enum */
 enum
 {
@@ -180,6 +192,7 @@
   {"dead", no_argument, NULL, 'd'},
   {"heading", no_argument, NULL, 'H'},
   {"idle", no_argument, NULL, 'i'},
+  {"ipaddr", no_argument, NULL, 'n'},
   {"login", no_argument, NULL, 'l'},
   {"lookup", no_argument, NULL, LOOKUP_OPTION},
   {"message", no_argument, NULL, 'T'},
@@ -319,8 +332,8 @@
   time_t last_change;
   char mesg;
   char idlestr[IDLESTR_LEN];
-  static char *hoststr;
-  static size_t hostlen;
+  static char *hoststr = 0;
+  static size_t hostlen = 0;
 
 #define DEV_DIR_WITH_TRAILING_SLASH "/dev/"
 #define DEV_DIR_LEN (sizeof (DEV_DIR_WITH_TRAILING_SLASH) - 1)
@@ -403,16 +416,67 @@
          sprintf (hoststr, "(%s)", host);
        }
     }
-  else
+#endif
+  if (use_ipaddr)
     {
-      if (hostlen < 1)
-       {
-         hostlen = 1;
-         hoststr = (char *) realloc (hoststr, hostlen);
-       }
-      stpcpy (hoststr, "");
+       char buf[100];
+       unsigned int len1,len2,spc;
+       buf[0] = '[';
+       len2 = 1;
+       if (utmp_ent->ut_addr_v6[1] ||
+           utmp_ent->ut_addr_v6[2] ||
+           utmp_ent->ut_addr_v6[3])
+         {
+             unsigned int idx;
+             unsigned short v;
+             /* Print IPV6 style */
+             for (idx = 0; idx < 8; idx++) {
+                 v = (utmp_ent->ut_addr_v6[(7-idx) >> 1]) >>
+                     (((7-idx) & 1) ? 0 : 16);
+                 v = (v << 8) | (v >> 8);
+                 if (idx)
+                   {
+                       buf[len2] = ':';
+                       len2++;
+                   }
+                 if (v)
+                   {
+                     sprintf(buf+len2,"%x",v);
+                     len2 += strlen(buf+len2);
+                   }
+             }
+         }
+       else
+         {
+             /* Print IPV4 style */
+             sprintf(buf+len2,"%u.%u.%u.%u",
+                     utmp_ent->ut_addr_v6[0] & 0xffu,
+                     (utmp_ent->ut_addr_v6[0] >> 8) & 0xffu,
+                     (utmp_ent->ut_addr_v6[0] >> 16) & 0xffu,
+                     (utmp_ent->ut_addr_v6[0] >> 24) & 0xffu);
+             len2 += strlen(buf+len2);
+         }
+       buf[len2] = ']';
+       len2++;
+       len1 = hoststr ? strlen(hoststr) : 0;
+       spc = len1 ? 1 : 0;
+       if (hostlen < len1+len2+spc+1)
+         {
+             hostlen = len1+len2+spc+1;
+             hoststr = xrealloc(hoststr,len1+len2+spc+1);
+         }
+       if (spc) hoststr[len1] = ' ';
+       len1++;
+       memcpy(hoststr+len1,buf,len2);
+       hoststr[len1+len2] = 0;
+    }
+
+  if (hostlen < 1)
+    {
+       hostlen = 1;
+       hoststr = xrealloc (hoststr, hostlen);
+       stpcpy (hoststr, "");
     }
-#endif
 
   print_line (UT_USER (utmp_ent), mesg, utmp_ent->ut_line,
              time_string (utmp_ent), idlestr, pidstr,
@@ -620,7 +684,7 @@
       printf (_("Usage: %s [OPTION]... [ FILE | ARG1 ARG2 ]\n"), program_name);
       fputs (_("\
 \n\
-  -a, --all         same as -b -d --login -p -r -t -T -u\n\
+  -a, --all         same as -b -d --login -p -r -t -T -u -n\n\
   -b, --boot        time of last system boot\n\
   -d, --dead        print dead processes\n\
   -H, --heading     print line of column headings\n\
@@ -633,6 +697,7 @@
       fputs (_("\
       --lookup      attempt to canonicalize hostnames via DNS\n\
   -m                only hostname and user associated with stdin\n\
+  -n, --ipaddr      return non-canonized IP address from utmp\n\
   -p, --process     print active processes spawned by init\n\
 "), stdout);
       fputs (_("\
@@ -673,7 +738,7 @@
 
   atexit (close_stdout);
 
-  while ((optc = getopt_long (argc, argv, "abdilmpqrstuwHT", longopts,
+  while ((optc = getopt_long (argc, argv, "abdilmnpqrstuwHT", longopts,
                              &longind)) != -1)
     {
       switch (optc)
@@ -689,6 +754,7 @@
          need_runlevel = 1;
          need_clockchange = 1;
          need_users = 1;
+         use_ipaddr = 1;
          include_mesg = 1;
          include_idle = 1;
          include_exit = 1;
@@ -721,6 +787,11 @@
          my_line_only = 1;
          break;
 
+       case 'n':
+         use_ipaddr = 1;
+         include_idle = 1;
+         break;
+
        case 'p':
          need_initspawn = 1;
          assumptions = 0;

[Prev in Thread]

Current Thread

[Next in Thread]

Modified WHO to guard against DNS cache poisoning, Bill Crowell <=

Prev by Date: Re: Bug#353911: md5sum --check checks only if _all_ are bad
Next by Date: shell echo do not print special letters
Previous by thread: Bug#353911: md5sum --check checks only if _all_ are bad
Next by thread: shell echo do not print special letters
Index(es):
- Date
- Thread