Date: Sat, 14 Oct 1995 22:28:12 +0300 (MSK) From: dv@xkis.nnov.su (Dmitry Valdov) To: freebsd-bugs@freebsd.org Subject: secure finger is not enought secure Message-ID: <199510141928.WAA22224@xkis.nnov.su>
next in thread | raw e-mail | index | archive | help
>
> > But i can finger this host anyway (without specifying username):
> >
> > --
> >
> > merahq: {2} telnet localhost finger
> > Trying 127.0.0.1...
> > Connected to localhost.
> > Escape character is '^]'.
>
> This is an entirely different matter. It's not the finger service as
> invoked via inetd(8).
No. It is finger service, invoked via inetd (because i'm TELNETTING to
localhost). localhost is just for an example.
> If you've already got access to the local
> machine, it doesn't make sense if you couldn't run finger locally.
>
ok. Try to telnet <any_freebsd_host> finger_port_number
after connect, type '-l' (without quotes). And u'll see finger information
of all users currently logged in.
Dmitry.
PS. I think, it's a bug in FreeBSD's finger.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199510141928.WAA22224>