[1177] in linux-security and linux-alert archive
Re: [linux-security] Finger Doubt
daemon@ATHENA.MIT.EDU (Richard Huveneers)
Tue Sep 24 17:52:06 1996
To: linux-security@tarsier.cv.nrao.edu
Date: 23 Sep 1996 20:44:48 GMT
From: richard@hekkihek.hacom.nl (Richard Huveneers)
Reply-To: richard@hekkihek.hacom.nl
In article <Pine.LNX.3.95.960918181033.2523A-100000@shadow.banki.hu>, chexum@shadow.banki.HU (Janos Farkas) writes:
>
>However if you just need a finger daemon, you may take a look at xfingerd,
>at
>ftp://ftp.banki.hu:/pub/xfingerd/xfingerd-0.1.tar.gz
>which is the one I wrote when I got desperate about cfingerd. (If you take
>a look at its date stamp, you can see that cfingerd is long broken..) I
>too can't garantee that it's good for you, but it at least doesn't require
>to be run as root, which is why I started being against cfingerd.
I downloaded cfingerd once too. After examining the source code and some
communications with the author (he responded quickly), I didn't trust it
either.
Did a lot of searching on the web and found 'ffingerd'. This one looks
very secure to me. For instance, it's not capable of forwarding finger
queries and global (@...) finger queries. It should be run as nobody and
supports the '.nofinger' file in the users home-dir.
This one was just what I was looking for. I have been running it for the
past 6 months without any problems/complaints.
It has a web page somewhere. Don't have it online here (sorry).
Hope this helps,
Richard.