[161] in linux-security and linux-alert archive
Re: finger @ bug
daemon@ATHENA.MIT.EDU (Rafal Maszkowski)
Tue Mar 14 05:34:32 1995
From: rzm@oso.chalmers.se (Rafal Maszkowski)
To: linux-security@tarsier.cv.nrao.edu
Date: Tue, 14 Mar 1995 02:23:04 +0100 (MET)
In-Reply-To: <m0roGgH-000xIbC@hq.jcic.org> from "Daniel Hollis" at Mar 13, 95 12:25:32 pm
X-Acknowledge-To: <rzm@oso.chalmers.se>
[mod: Can we please cut this discussion short? IMHO, the recursive finger
is really a feature, although it would be fine if it was disabled by
default. Another problem (which is a real bug) is what Rafal writes about;
if your finger joe@@@@@@@@@@@@@@foo.edu, many fingerd's will create lots
of processes that seem to hang around indefinitely.
Follow-ups to this post will be redirected to the author unless they
add something significantly new. --okir
]
Daniel Hollis writes:
> This has been known for a *long* time. Almost a year. The patches have
> already been available on sunsite for ages. The solution is to run a
> patched in.fingerd, or a different fingerd altogether, like cfingerd.
Are you sure the patches on sunsite are against recursive finger? I think
they were helping only in denial of service @@@@@@@@@ bug.
R.
--
Rafal Maszkowski rzm@oso.chalmers.se http://www.mat.uni.torun.pl/~rzm
Opinia publiczna powinna byc zaalarmowana swoim nieistnieniem - St. J. Lec
