From owner-freebsd-security Wed Aug 8 15:35:19 2001
From: David G Andersen
Message-Id: <200108082235.f78MZ2p10632@faith.cs.utah.edu>
Subject: Re: finger/fingerd & home directory permissions
To: yar@FreeBSD.ORG (Yar Tikhiy)
Date: Wed, 8 Aug 2001 16:35:02 -0600 (MDT)
Cc: hackers@FreeBSD.ORG, security@FreeBSD.ORG
In-Reply-To: <20010809020831.B44660@comp.chem.msu.su> from "Yar Tikhiy" at Aug 09, 2001 02:08:31 AM

Lo and behold, Yar Tikhiy once said:
>
> In the case of local access, it's no problem, since anyone may read
> /etc/passwd directly. OTOH, letting remote folks peek at user
> information even if the user wants to hide himself is a bad thing.
>
> The issue I'd like to submit to discussion is what way to choose:
>
> a) Add a command-line option to finger(1) and fingerd(8) telling
> them not to reveal user information if the user's homedir is
> protected.
>
> b) Similar to a), but hide such users by default.
>
> c) Don't bother at all :-)
>
> Personally, I'd prefer b) since it's most secure and seems to break
> nothing. Do I overlook any complications?

Yes - it breaks the semantics of the existing fingerds that people are used to.
It's a gratuitous change with little benefit that would simply confuse
people who have a reasonable expectation about what the default behavior
of 'finger' should be.

Don't do (b).

  -Dave

--
work: dga@lcs.mit.edu me: dga@pobox.com
MIT Laboratory for Computer Science http://www.angio.net/