Date: Sat, 11 Aug 2001 08:43:10 +0400 From: Yar Tikhiy <yar@FreeBSD.ORG> To: hackers@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: finger/fingerd & home directory permissions Message-ID: <20010811084310.B29956@comp.chem.msu.su> In-Reply-To: <20010809020831.B44660@comp.chem.msu.su>; from yar@FreeBSD.ORG on Thu, Aug 09, 2001 at 02:08:31AM %2B0400 References: <20010809020831.B44660@comp.chem.msu.su>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 09, 2001 at 02:08:31AM +0400, Yar Tikhiy wrote: > > Currently, finger(1) reveals user information if the user > has created the ``.nofinger'' file, but his home directory > is unreadable for finger(1). > > In the case of local access, it's no problem, since anyone may read > /etc/passwd directly. OTOH, letting remote folks peek at user > information even if the user wants to hide himself is a bad thing. > > The issue I'd like to submit to discussion is what way to choose: > > a) Add a command-line option to finger(1) and fingerd(8) telling > them not to reveal user information if the user's homedir is > protected. > > b) Similar to a), but hide such users by default. > > c) Don't bother at all :-) Thank everyone for your suggestions and comments. I'm going to take the a) way. -- Yar To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010811084310.B29956>