Date: Sat, 14 Oct 1995 22:28:12 +0300 (MSK) From: dv@xkis.nnov.su (Dmitry Valdov) To: freebsd-bugs@freebsd.org Subject: secure finger is not enought secure Message-ID: <199510141928.WAA22224@xkis.nnov.su>
next in thread | raw e-mail | index | archive | help
> > > But i can finger this host anyway (without specifying username): > > > > -- > > > > merahq: {2} telnet localhost finger > > Trying 127.0.0.1... > > Connected to localhost. > > Escape character is '^]'. > > This is an entirely different matter. It's not the finger service as > invoked via inetd(8). No. It is finger service, invoked via inetd (because i'm TELNETTING to localhost). localhost is just for an example. > If you've already got access to the local > machine, it doesn't make sense if you couldn't run finger locally. > ok. Try to telnet <any_freebsd_host> finger_port_number after connect, type '-l' (without quotes). And u'll see finger information of all users currently logged in. Dmitry. PS. I think, it's a bug in FreeBSD's finger.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199510141928.WAA22224>