From owner-freebsd-questions Thu Nov 21 19:18:35 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8B83D37B401 for ; Thu, 21 Nov 2002 19:18:34 -0800 (PST) Received: from boris.st.hmc.edu (boris.ST.HMC.Edu [134.173.63.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1CCD843E6E for ; Thu, 21 Nov 2002 19:18:34 -0800 (PST) (envelope-from jeff@unixconsults.com) Received: from boris.st.hmc.edu (localhost [127.0.0.1]) by boris.st.hmc.edu (8.12.3/8.12.3) with ESMTP id gAM3ITKS005369; Thu, 21 Nov 2002 19:18:29 -0800 (PST) Received: from localhost (jeff@localhost) by boris.st.hmc.edu (8.12.3/8.12.3/Submit) with ESMTP id gAM3IThR005366; Thu, 21 Nov 2002 19:18:29 -0800 (PST) (envelope-from jeff@unixconsults.com) X-Authentication-Warning: boris.st.hmc.edu: jeff owned process doing -bs Date: Thu, 21 Nov 2002 19:18:29 -0800 (PST) From: Jeff Jirsa X-X-Sender: jeff@boris.st.hmc.edu To: JacobRhoden Cc: freebsd-questions@FreeBSD.ORG Subject: Re: enabling finger - why not? In-Reply-To: <200211221358.42586.jrhoden@unimelb.edu.au> Message-ID: <20021121191500.Q5341-100000@boris.st.hmc.edu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-milter on boris.st.hmc.edu Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, 22 Nov 2002, JacobRhoden wrote: > Hi, > > I have a machine which has a number of users, and its a 'possibility' that > they could do something they shouldnt. What are the reasons which I may not > want finger enabled? > > (The machine has sendmail and httpd, so a DoS through the finger port is > probably not an issue) Finger is relatively safe. Most of the arguments for not allowing it involve privacy rather than security (I don't really like people knowing when I log in and out, if they need to bother me, there are better ways to track me down). It's possible a hole may be found in finger(d) in the future, but there are none at the moment, and haven't been any in the near past. There are some horrible holes in some of the old (g|c)fingerd programs that run on some of the linux and solaris boxes I've seen, but in general, the one in whichever version of bsd you're running should be more than safe. - Jeff Jirsa To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message