[1558] in linux-security and linux-alert archive
[linux-security] Re: FYI: Possible information disclosure in cfingerd.
daemon@ATHENA.MIT.EDU (Ken Hollis)
Tue May 27 07:06:31 1997
Date: Mon, 26 May 1997 23:15:05 -0700 (PDT)
From: Ken Hollis <khollis@northwest.com>
To: goemon@sasami.anime.net
cc: linux-security@redhat.com, BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199705270005.VAA08935@morcego.linkway.com.br>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
What this guy is failing to tell EVERYONE on these lists is this is not a
security issue because you can turn this off.
Since I am no longer working on cfingerd (and have yet to find a
maintainer), I have no intention to fix the bug yet. I've got more
important things to do. However, if you find search.**@host to be a
problem, I recommend this to avoid confusion or complaints:
TURN OFF SEARCHING. END OF STORY.
Don't bitch about it - just turn it off! Cfingerd only provided this to
be semi-compliant with GNU Fingerd. I was tempted to remove it from
cfingerd altogether, but if I did that, I'd get other people breathing
down my neck to turn it back on.
*sigh*. You can't please everyone. So, if you don't want it, TURN IT OFF
and stop complaining! I'm tired of copying Bugtraq in on these ANCIENT
problems!
-- Ken Hollis
---
----------------------------------------------------------------------
| Ken T. Hollis || Autobahn Sys Admin || Freeware/GPL Hacker |
| khollis@northwest.com || Webmaster/Hacker || Linux Net Junkie |
----------------------------------------------------------------------
^_^ -_- ;o @_@ +_+ 6_6 ^_^! ;_; *^.^* q(^_^)p $_$ v_v o_O 9.97 p_q