Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 9 Feb 1999 20:53:41 -0800
From:      Gregory Sutter <gsutter@pobox.com>
To:        Greg Lehey <grog@lemis.com>
Cc:        Matthew Hunt <mph@pobox.com>, freebsd-questions@FreeBSD.ORG
Subject:   Re: finger
Message-ID:  <19990209205341.A10604@orcrist.mediacity.com>
In-Reply-To: <19990210150256.I71962@freebie.lemis.com>; from Greg Lehey on Wed, Feb 10, 1999 at 03:02:57PM %2B1030
References:  <XFMail.990210113213.keith@apcs.com.au> <Pine.BSF.4.05.9902092011100.388-100000@nyc-ny69-14.ix.netcom.com> <19990209190356.A7841@orcrist.mediacity.com> <19990210135059.G71962@freebie.lemis.com> <19990209194213.A89829@wopr.caltech.edu> <19990210150256.I71962@freebie.lemis.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Feb 10, 1999 at 03:02:57PM +1030, Greg Lehey wrote:
> On Tuesday,  9 February 1999 at 19:42:13 -0800, Matthew Hunt wrote:
> > On Wed, Feb 10, 1999 at 01:50:59PM +1030, Greg Lehey wrote:
> >
> >> How can you know it's a finger from root?
> >
> > Check the EUID in hide() in src/usr.bin/finger/util.c; in inetd.conf,
> > run fingerd as nobody (which is the default).
> >
> > (I don't think anybody's expecting "finger @localhost" by root to
> > recognize your rootfulness.)
> 
> Hmm.  These may be Greg's wishes, in which case that's OK.  But that's
> not the purpose of finger.  There are other tools to look at users on
> localhost; the normal use of finger is across the network, and this
> hack doesn't work there.

To you, the normal use of finger may be across the network.  But how
can you speak for everybody?  You certainly don't speak for finger.1,
which says:

     DESCRIPTION
          The finger displays information about the system users.

...and goes on, toward the end, to finally mention:

          Finger may be used to look up users on a remote machine.  The
          format is to specify a user as ``user@host''...

I don't consider this a hack, as it should be possible for the
superuser to finger every user on the system should (s)he wish to do
so.

Greg
-- 
Gregory S. Sutter                    Computing is a terminal addiction.
mailto:gsutter@pobox.com
http://www.pobox.com/~gsutter/
PGP DSS public key 0x40AE3052

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990209205341.A10604>