From owner-freebsd-questions  Tue Feb  9 19:42:24 1999
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id TAA01249
          for freebsd-questions-outgoing; Tue, 9 Feb 1999 19:42:24 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from wopr.caltech.edu (wopr.caltech.edu [131.215.240.222])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA01243
          for <freebsd-questions@FreeBSD.ORG>; Tue, 9 Feb 1999 19:42:23 -0800 (PST)
          (envelope-from mph@wopr.caltech.edu)
Received: (from mph@localhost)
	by wopr.caltech.edu (8.9.2/8.9.1) id TAA90009;
	Tue, 9 Feb 1999 19:42:13 -0800 (PST)
	(envelope-from mph)
Date: Tue, 9 Feb 1999 19:42:13 -0800
From: Matthew Hunt <mph@pobox.com>
To: Greg Lehey <grog@lemis.com>
Cc: Gregory Sutter <gsutter@pobox.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: finger
Message-ID: <19990209194213.A89829@wopr.caltech.edu>
References: <XFMail.990210113213.keith@apcs.com.au> <Pine.BSF.4.05.9902092011100.388-100000@nyc-ny69-14.ix.netcom.com> <19990209190356.A7841@orcrist.mediacity.com> <19990210135059.G71962@freebie.lemis.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.1i
In-Reply-To: <19990210135059.G71962@freebie.lemis.com>; from Greg Lehey on Wed, Feb 10, 1999 at 01:50:59PM +1030
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Feb 10, 1999 at 01:50:59PM +1030, Greg Lehey wrote:

> How can you know it's a finger from root?

Check the EUID in hide() in src/usr.bin/finger/util.c; in inetd.conf,
run fingerd as nobody (which is the default).

(I don't think anybody's expecting "finger @localhost" by root to
recognize your rootfulness.)

With this change, I think everything works per Greg's wishes:

wopr:~$ whoami
mph
wopr:~$ touch .nofinger
wopr:~$ finger
No one logged on.
wopr:~$ sudo finger
Login            Name                 TTY  Idle  Login Time   Office  Phone
mph              Matthew Hunt         p1         Jan 30 14:11 03 Robi +1 626 39
mph              Matthew Hunt         p4         Jan 30 15:27 03 Robi +1 626 39
mph              Matthew Hunt         p5     23  Feb  1 20:42 03 Robi +1 626 39
wopr:~$ finger @localhost
[localhost]
No one logged on.

Index: util.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/finger/util.c,v
retrieving revision 1.5
diff -u -r1.5 util.c
--- util.c	1997/07/02 06:34:51	1.5
+++ util.c	1999/02/10 03:40:17
@@ -393,6 +393,9 @@
 {
 	char buf[MAXPATHLEN+1];
 
+	if (!geteuid())
+		return 0;
+
 	if (!pw->pw_dir)
 		return 0;
 


-- 
Matthew Hunt <mph@pobox.com> * Science rules.
http://www.pobox.com/~mph/pgp.key for PGP public key 0x67203349.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message