[1176] in linux-security and linux-alert archive


Re: [linux-security] Cfinger (Yet more :)

daemon@ATHENA.MIT.EDU (Grant Taylor)
Tue Sep 24 17:48:41 1996

To: David Holland <dholland@hcs.HARVARD.EDU>
cc: linux-security@tarsier.cv.nrao.edu
From: Grant Taylor <gtaylor+linsec092396@picante.com>
In-reply-to: Your message of "Mon, 23 Sep 1996 13:58:06 EDT."
             <199609231758.NAA26697@hcs.harvard.edu> 
Date: Mon, 23 Sep 1996 14:21:02 -0400

>>>>> David Holland <dholland@hcs.harvard.edu> writes:

>> My little fingerd is extremely simple, and is intended to be
>> relatively secure while still returning who's where on my machines.
>> Rather than trust cfinger or rehash the same idea, I took the easy way
>> out - this fingerd reads information from /var/rwho.  

> Aside from the fact that the standard rwho protocol is a complete
> loss, this isn't a bad idea. The only problem is that rwho doesn't
> give last login information. This may or may not be an issue.

It's not an issue for me, since last login time is among the things I
*don't* want to give out.  You are certainly correct that the rwho
protocol is pathetic, but it has the advantage of being already
written and more or less adequate for single segment networks where
you trust people.

> (Also, why the fuss about fingerd? fingerd is just a wrapper that
> runs finger.)

Because I like different levels of information for random net users
and local users.  Local users are welcome to know where each other's
mail goes, when foo was last on, etc.  "Strangers" are welcome to know
who's where now and only now, and whatever my users explicitly give
away in .plan and .project.

I also have an unreasoning fear of any network service that runs
commands derived from untrusted input, particularly when it's not
subject to as much scrutiny as, say, sendmail or httpd.

--
Grant Taylor - gtaylor@picante.com - http://www.picante.com/~gtaylor/
  Where do these people come from?       Finger for PGP public key. 
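
An added example, not part of the original post and not Grant Taylor's fingerd: a sketch in C of the design discussed above, where the finger query is only compared as a string against rwho spool data and never reaches a command line. The record layout, the names `finger_whod`, `clean` and `SAMPLE`, and the allowed character set are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed whod layout: 60-byte header with the hostname at offset 12, then
 * 24-byte login entries: tty[8], user[8], login time, idle time. */
enum { HDR = 60, HOST_OFF = 12, HOST_LEN = 32, ENT = 24, FLD = 8 };
/* Constructed sample record; the second login name carries control bytes. */
struct ent { char tty[8], user[8]; unsigned char times[8]; };
struct rec { unsigned char pre[12]; char host[32]; unsigned char post[16]; struct ent e[2]; };
static const struct rec SAMPLE = { .host = "alpha",
    .e = { { .tty = "ttyp0", .user = "alice" }, { .tty = "ttyp1", .user = "a\033[2J\nb" } } };
/* Copy a fixed-width, possibly unterminated field, keeping [A-Za-z0-9._-]. */
static void clean(char *dst, const unsigned char *src, size_t n)
{
    size_t j = 0;
    for (size_t i = 0; i < n && src[i]; i++)
        if (isalnum(src[i]) || strchr("._-", src[i])) dst[j++] = (char)src[i];
    dst[j] = '\0';
}

/* Write "user tty host" lines for logins matching query ("" lists all).
 * The query is only ever compared as a string. Returns lines, or -1. */
int finger_whod(const unsigned char *rec, size_t len, const char *query,
                char *out, size_t outsz)
{
    char host[HOST_LEN + 1], user[FLD + 1], tty[FLD + 1];
    size_t used = 0;
    int hits = 0;
    clean(user, (const unsigned char *)query, FLD);  /* reject unless unchanged */
    if (!outsz || strcmp(user, query) || len < HDR || (len - HDR) % ENT) return -1;
    out[0] = '\0';
    clean(host, rec + HOST_OFF, HOST_LEN);
    for (size_t off = HDR; off < len; off += ENT) {
        clean(tty, rec + off, FLD);
        clean(user, rec + off + FLD, FLD);
        if (!user[0] || (query[0] && strcmp(query, user) != 0)) continue;
        int n = snprintf(out + used, outsz - used, "%s %s %s\n", user, tty, host);
        if (n < 0 || (size_t)n >= outsz - used) { out[used] = '\0'; break; }
        hits++; used += (size_t)n;
    }
    return hits;
}

int main(void)
{
    char out[256] = "";
    finger_whod((const unsigned char *)&SAMPLE, sizeof SAMPLE, "", out, sizeof out);
    return fputs(out, stdout) < 0;
}
```

Because rwho data arrives unauthenticated, the record fields get the same filtering as the query before anything is written back to the client.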
