Date: Wed, 8 Aug 2001 16:41:38 -0600 (MDT)
From: David G Andersen <danderse@cs.utah.edu>
To: bright@mu.org (Alfred Perlstein)
Cc: danderse@cs.utah.edu (David G Andersen), yar@FreeBSD.ORG (Yar Tikhiy), security@FreeBSD.ORG
Subject: Re: finger/fingerd & home directory permissions
Message-ID: <200108082241.f78Mfcr11144@faith.cs.utah.edu>
In-Reply-To: <20010808173947.I85642@elvis.mu.org> from "Alfred Perlstein" at Aug 08, 2001 05:39:47 PM

Lo and behold, Alfred Perlstein once said:
>
> > > a) Add a command-line option to finger(1) and fingerd(8) telling
> > > them not to reveal user information if the user's homedir is
> > > protected.
> > >
> > > b) Similar to a), but hide such users by default.
> > >
> > > c) Don't bother at all :-)
> > >
> > > Personally, I'd prefer b) since it's most secure and seems to break
> > > nothing. Do I overlook any complications?
> >
> > Yes - it breaks the semantics of the existing fingerds that
> > people are used to. It's a gratuitous change with little benefit
> > that would simply confuse people who have a reasonable expectation
> > about what the default behavior of 'finger' should be. Don't do (b).
>
> Actually, I'd prefer (b) if it was a command line option.
>
> ie, not the default.

And this differs from suggestion (a) in exactly what way? :)

-Dave

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message