Date:      Wed, 8 Aug 2001 17:39:47 -0500
From:      Alfred Perlstein <bright@mu.org>
To:        David G Andersen <danderse@cs.utah.edu>
Cc:        Yar Tikhiy <yar@FreeBSD.ORG>, security@FreeBSD.ORG
Subject:   Re: finger/fingerd & home directory permissions
Message-ID:  <20010808173947.I85642@elvis.mu.org>
In-Reply-To: <200108082235.f78MZ2p10632@faith.cs.utah.edu>; from danderse@cs.utah.edu on Wed, Aug 08, 2001 at 04:35:02PM -0600
References:  <20010809020831.B44660@comp.chem.msu.su> <200108082235.f78MZ2p10632@faith.cs.utah.edu>

* David G Andersen <danderse@cs.utah.edu> [010808 17:36] wrote:
> Lo and behold, Yar Tikhiy once said:
> > 
> > In the case of local access, it's no problem, since anyone may read
> > /etc/passwd directly. OTOH, letting remote folks peek at user
> > information even if the user wants to hide himself is a bad thing.
> > 
> > The issue I'd like to submit to discussion is what way to choose:
> > 
> > a) Add a command-line option to finger(1) and fingerd(8) telling
> >    them not to reveal user information if the user's homedir is
> >    protected.
> > 
> > b) Similar to a), but hide such users by default.
> > 
> > c) Don't bother at all :-)
> > 
> > Personally, I'd prefer b) since it's most secure and seems to break
> > nothing. Do I overlook any complications?
> 
>   Yes - it breaks the semantics of the existing fingerds that
> people are used to.  It's a gratuitous change with little benefit
> that would simply confuse people who have a reasonable expectation
> about what the default behavior of 'finger' should be.  Don't do (b).

Actually, I'd prefer (b) if it was a command line option.

i.e., not the default.

-- 
-Alfred Perlstein [alfred@freebsd.org]
Ok, who wrote this damn function called '??'?
And why do my programs keep crashing in it?
