[1558] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: FYI: Possible information disclosure in cfingerd.

daemon@ATHENA.MIT.EDU (Ken Hollis)
Tue May 27 07:06:31 1997

Date: Mon, 26 May 1997 23:15:05 -0700 (PDT)
From: Ken Hollis <khollis@northwest.com>
To: goemon@sasami.anime.net
cc: linux-security@redhat.com, BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199705270005.VAA08935@morcego.linkway.com.br>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

What this guy is failing to tell EVERYONE on these lists is this is not a
security issue because you can turn this off.

Since I am no longer working on cfingerd (and have yet to find a
maintainer), I have no intention to fix the bug yet.  I've got more
important things to do.  However, if you find search.**@host to be a
problem, I recommend this to avoid confusion or complaints:

TURN OFF SEARCHING.  END OF STORY.

Don't bitch about it - just turn it off!  Cfingerd only provided this to
be semi-compliant with GNU Fingerd.  I was tempted to remove it from
cfingerd altogether, but if I did that, I'd get other people breathing
down my neck to turn it back on.

*sigh*.  You can't please everyone.  So, if you don't want it, TURN IT OFF
and stop complaining!  I'm tired of copying Bugtraq in on these ANCIENT
problems!

-- Ken Hollis
---
    ----------------------------------------------------------------------
   |  Ken T. Hollis         || Autobahn Sys Admin || Freeware/GPL Hacker  |
   |  khollis@northwest.com ||  Webmaster/Hacker  ||    Linux Net Junkie  |
    ----------------------------------------------------------------------
      ^_^ -_- ;o @_@ +_+ 6_6 ^_^! ;_; *^.^* q(^_^)p $_$ v_v o_O 9.97 p_q


home help back first fref pref prev next nref lref last post