Date: Sat, 14 Oct 1995 18:56:45 +0100 (MET) From: J Wunsch <j@uriah.heep.sax.de> To: dv@xkis.nnov.su (Dmitry Valdov) Cc: freebsd-bugs@freebsd.org Subject: Re: secure finger is not enought secure Message-ID: <199510141756.SAA11380@uriah.heep.sax.de> In-Reply-To: <199510141719.UAA20828@xkis.nnov.su> from "Dmitry Valdov" at Oct 14, 95 08:19:28 pm
next in thread | previous in thread | raw e-mail | index | archive | help
As Dmitry Valdov wrote:
>
> is this a bug or feature? ;-)
> if i trying to finger host without providing username:
>
> --
>
> merahq: {1} finger @localhost
> [localhost]
> must provide username
This is a feature.
> But i can finger this host anyway (without specifying username):
>
> --
>
> merahq: {2} telnet localhost finger
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
This is an entirely different matter. It's not the finger service as
invoked via inetd(8). If you've already got access to the local
machine, it doesn't make sense if you couldn't run finger locally.
--
cheers, J"org
joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199510141756.SAA11380>