[1177] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] Finger Doubt

daemon@ATHENA.MIT.EDU (Richard Huveneers)
Tue Sep 24 17:52:06 1996

To: linux-security@tarsier.cv.nrao.edu
Date: 23 Sep 1996 20:44:48 GMT
From: richard@hekkihek.hacom.nl (Richard Huveneers)
Reply-To: richard@hekkihek.hacom.nl

In article <Pine.LNX.3.95.960918181033.2523A-100000@shadow.banki.hu>, chexum@shadow.banki.HU (Janos Farkas) writes:
>
>However if you just need a finger daemon, you may take a look at xfingerd,
>at
>ftp://ftp.banki.hu:/pub/xfingerd/xfingerd-0.1.tar.gz
>which is the one I wrote when I got desperate about cfingerd. (If you take
>a look at its date stamp, you can see that cfingerd is long broken..)  I
>too can't garantee that it's good for you, but it at least doesn't require
>to be run as root, which is why I started being against cfingerd.

I downloaded cfingerd once too. After examining the source code and some
communications with the author (he responded quickly), I didn't trust it
either.

Did a lot of searching on the web and found 'ffingerd'. This one looks
very secure to me. For instance, it's not capable of forwarding finger
queries and global (@...) finger queries. It should be run as nobody and
supports the '.nofinger' file in the users home-dir.

This one was just what I was looking for. I have been running it for the
past 6 months without any problems/complaints.

It has a web page somewhere. Don't have it online here (sorry).

Hope this helps,

Richard.

home help back first fref pref prev next nref lref last post