Hello licqer's, Ryan Gammon here.

I'm writing in defence of one of my more bastardized children, update-hosts.

Most of you have probably never heard of update-hosts. He's that ugly 
little .tar.gz that mopes around the licq plugins directory, dejectedly 
praying that someday, someone will download him and give him the love he 
so richly deserves.

Pretty much no one does, though. At only 235 lines, he always gets 
outshone by the bigger, cooler plugins (yes, I'm looking at you, 
qt-gui). We all like to think that size doesn't matter in this so-called 
fair and equitable society, but let's face it: small plugins just can't 
get a break in this superficial, skin-crazy, plugin-eat-plugin world.

Cutting to the chase, I've heard a lot of cruel and hateful things said 
about update-hosts over the years by the .000000000001% of the licq 
userbase that has actually bothered to compile him.

"The configure script doesn't work"

"update-hosts doesn't support ipv6" (because the drunken monkeys who 
wrote the original icq protocol definitely had ipv6 foremost in their 
furry primate thoughts)

... and most recently, Mr. Veen has been saying stuff like:
"The update-hosts plugin... forms a security vulnerability"
"With this in mind I suggest that the hostname update plugin be removed 
from the licq distribution ASAP"

Doesn't it just tear your heart in two?

Doesn't it?

Deep down inside, I guess I don't have anyone to blame but myself. I 
just didn't bring him up right. You see, update-hosts was really the 
result of a night of indiscretion back in my university days. I was
young and, I admit, had had a few drinks. My compatriot, the always 
tactful Graham Roff, father of licq and fine human being, had just 
created the "utilities" functionality. Being a student and all, I said 
something like:

Ryan: Dude, utilities are cool and all, but what if we could, like, turn
it inside out. Y'know, get apps to resolve icq usernames. Then it'd all 
work, like, automagically.

This was back when "automagically" was still a cool thing to say.

Really.

Graham: Party on, Destroyer
Ryan: My name's not Destroyer, asshole
Graham: Go fuck yourself.
(all in good fun)

Thus was update-hosts conceived.

Now here, my friends (if anyone is still reading), we come to a Defining 
Moment in History.

I have a serious slackware fetish that just won't quit. Back in high 
school, we used to tease the kids who used Red Hat "Mother's Day Release 
+0.1". Seriously, who calls a distribution version a "Mother's Day 
Release?" Call it "Pretty Yellow Flowers" release, or "Precious Artsy 
Craft" release, but leave my mama out of it. Plus, Bob Young was an 
Upper Canadian -- from Hamilton, mind you -- and we on the east coast 
were having no truck nor trade with that scurvy lot. (Just kidding, 
Ontarians)

Patrick, on the other hand, had the best last name in the history of 
last names... Volkerding. Say it with me, Vol-ker-ding. And he called 
his distribution SLACKware -- unbelievable. And Slackware 8.1 is still
the bomb. But I digress...

If Patrick had one critical flaw, it was his disdain for glibc6. I mean,
the dude just clung to libc5 *forever*. But with libc6 came all the 
nsswitch stuff that would have gone a long way to legitimizing the 
circumstances surrounding the birth of update-hosts, and eliminating 
that darn security "hole" that folks are all worked up about.

Red Hat, of course, was all over libc6 like stink on a monkey. Switching 
to Red Hat, however, would have meant capitulating in a petty, rather 
pathetic Slackware vs Red Hat war that really consisted of me bleating 
"Slackware!", and Graham ignoring me with great disdain. Thus, I decided
that updating the hosts file was the true path to enlightenment.

I shat out update-hosts in a short period of time. It was an ugly mess 
of C, C++, licq's plugin headers with their disconcerting penchant for 
#define macros, and a little flex and bison for spice.

It wasn't pretty. Plus, /etc/hosts had to be world readable, which had 
all sorts of potential for shenanigans. To my credit, I did force 
update-hosts to be honest with his users during compilation.

"Note that /etc/hosts has been made world writable!" it would exclaim.

Notice the use of punctuation. English purists may question the use of 
an exclamation point. In fact, that's really not a sentence that one 
could exclaim with any real sense of decorum....! Yet I felt that, given 
the gravity and the burden of the public trust, etc. that goes into 
developing mission-critical, enterprise-class licq plugins of version 
0.0.1 caliber, I had to make some sort of statement, and make it with force.

Anyway, I promptly left him on Graham's proverbial doorstep. Graham 
uploaded him to the 100000 licq mirrors, and he's languished there ever 
since.

I know what you're all saying. "Tough love, Ryan. Spare the rod, spoil 
the binary. It's a dangerous world out there, son, and security ain't a
thing to be trifled with."

Now I agree that security is serious business, and I'd gladly take an 
enterprise-class embarrassment like bind out back and shoot it. But
honestly, what's the worst that can happen with update-hosts?

haxor: Ok, update-hosts, I'm logging on as www.google.com. You go get 
that bugger user of yours.
update-hosts: *solemnly picks his nose and drools a little*
haxor: Fly my pretty!
update-hosts: Would you like to add www.google.com to your contact list?
user: Hell no.
haxor: Damn you, update-hosts, you've crossed me for the last time!
haxor: *rm -rf /usr/local/licq; dd if=/dev/zero of=/dev/hda; hdparm 
-explode /dev/hda*
haxor: Who's laughing now...

I mean, only 5 people in the world use him (and I'm not one of them), 
and he's basically useless besides. Plus, the little guy already says 
that he's doing something retarded when you build him anyway. And, 
contrary to rumor and innuendo, he's not in the core licq distribution.

Having read this far, I think you are now prepared for what I'm about to 
show you:

--- update-hosts.cpp-old        2002-08-17 01:18:41.000000000 -0300
+++ update-hosts.cpp    2002-08-17 01:20:05.000000000 -0300
@@ -126,7 +126,7 @@

   for(unsigned int i = 0; i < strAlias.length(); i++)
   {
-    if(strAlias[i] == ' ')
+    if(strAlias[i] == ' ' || strAlias[i] == '.')
       strAlias[i] = '-';
   }
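
Review bot: the condition `if(strAlias[i] == ' ' || strAlias[i] == '.')` is a deny-list of two characters, so every other byte in the alias (other whitespace, control characters, anything that is not a valid hostname character) is left unchanged by this loop. Consider inverting the test into an allow-list that replaces any character that is not an ASCII letter, digit or '-' with '-'. Replacing dots also only covers fully qualified names; a dot-free alias still comes out of the loop as a bare hostname, so appending a fixed suffix to every alias-derived name would keep it from matching a short name already in use.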


Yes, we have the technology to "sanitize" update-hosts. We can turn 
www.google.com into www-google-com. But is this really a road that we, 
as a society, are prepared to venture down? Can we not just treasure 
update-hosts for who he is? I mean, /etc/hosts is still going to be 
world writable. Security -- an illusion at the best of times -- is still 
going to be at risk. All we've succeeded in doing is cracking the spirit 
of update-hosts just a little more. Indeed, my friends, this is truly a
hollow victory.

update-hosts is a paragon of extreme programming, not in the methodical, 
unit-testing sense, but in the reckless and immature sense. He is a 
product of simpler times, and of university experimentation. He deserves 
the right to bear its scars in all their twisted glory. If the need 
exists, let his challenger come in the form of a sleek, new nss enabled 
plug-in, rather than trying to force update-hosts to be something that 
he truly is not.

;-/

Take it easy, folks.

Ryan.


Lourens Veen wrote:

>Hi Ryan,
>
>I've been making a bit of noise about the update hostname plugin for 
>licq you wrote lately, because I believe it makes it possible for a 
>cracker to mount a man-in-the-middle attack on the system of the 
>user using it. I wrote up a more detailed report for the bugtrack 
>system at 
>http://sourceforge.net/tracker/index.php?func=detail&aid=594682&group_id=254&atid=100254
>
>For your convenience, here's what I wrote:
>
>I believe the hostname update plug-in is a security
>flaw that may enable a third party to launch a
>man-in-the-middle attack.
>
>Let's say a cracker creates a new ICQ account and sets
>the alias to the hostname of your favourite remote box
>(for example the telnet server at your work). The
>cracker then sends you a message. The plug-in will add
>the hostname, together with his IP, to /etc/hosts. Now
>you want to do some work on the remote machine, and you
>telnet into it. Since /etc/hosts goes before the DNS
>server in the search for the right IP address, you will
>actually connect to the cracker's box instead. The
>cracker can then forward the connection to the real box
>in the standard man-in-the-middle manner, and monitor
>your activities, steal passwords, etcetera. 
>- ------
>
>I haven't had much response from the LICQ community on the mailing 
>lists and irc however, so far they don't seem to understand the 
>problem, and given the amount of unhandled bug reports in the 
>bugtracker I'm a bit afraid that it'll snow under and be forgotten. 
>Apparently security holes aren't considered a problem, and that's 
>bad, but there's not much I can do about it. So, as a last-ditch 
>attempt I decided to email you, in the hope that you as the 
>original author can do something about this (or explain why I'm 
>seeing a problem that isn't there) and get the licq maintainers to 
>see this as a problem. A possible fix would be to remove dots from 
>the strings you add to /etc/hosts, at least I think that that would 
>be a good solution.
>
>If you had already noticed my mail on the mailing list and are
>already working on a fix then please accept my apologies, I figured 
>I'd rather annoy you than have an unfixed security hole sitting 
>there waiting to be exploited.
>
>Regards,
>
>Lourens
>- -- 
>GPG public key: http://home.student.utwente.nl/l.e.veen/lourens.key
>
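
An allow-list version of the alias sanitising discussed in this thread, as an added example that is not part of the original emails or of update-hosts itself. The function names and the `.icq` suffix are hypothetical, and IPv4 contact addresses are assumed.

```cpp
#include <arpa/inet.h>   // inet_pton / inet_ntop (POSIX)
#include <iostream>
#include <string>

// Hypothetical private suffix: alias-derived names live only under it,
// so none of them can equal a hostname the user already relies on.
static const std::string kSuffix = ".icq";

static bool ascii_alnum(unsigned char c) {
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z');
}

// Allow-list mapping: keep ASCII letters and digits (lower-cased), collapse
// every other byte into a single '-'. Returns "" when nothing usable remains.
std::string alias_to_hostname(const std::string& alias) {
    std::string label;
    for (unsigned char c : alias) {
        if (ascii_alnum(c)) {
            if (c >= 'A' && c <= 'Z') c = static_cast<unsigned char>(c - 'A' + 'a');
            label += static_cast<char>(c);
        } else if (!label.empty() && label.back() != '-') {
            label += '-';
        }
        if (label.size() == 63) break;  // maximum length of one DNS label
    }
    while (!label.empty() && label.back() == '-') label.pop_back();
    return label.empty() ? std::string() : label + kSuffix;
}

// Build one hosts-file line, or "" if either field fails validation.
// The address is re-emitted from its parsed form, never copied from input.
std::string hosts_line(const std::string& ip, const std::string& alias) {
    in_addr addr;
    char buf[INET_ADDRSTRLEN];
    if (inet_pton(AF_INET, ip.c_str(), &addr) != 1 ||
        !inet_ntop(AF_INET, &addr, buf, sizeof buf)) return "";
    const std::string name = alias_to_hostname(alias);
    return name.empty() ? std::string() : std::string(buf) + "\t" + name + "\n";
}

int main() {
    // Constructed sample input: contact addresses and aliases.
    std::cout << hosts_line("192.0.2.7", "Ryan G")
              << hosts_line("192.0.2.9", "www.google.com")
              << hosts_line("192.0.2.9", "bob\n10.0.0.1 mail");
    return 0;
}
```

This only constrains what gets written; it does nothing about the file permissions mentioned in the thread.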




