Date: Sat, 28 Jul 2001 05:30:08 -0700 From: Dima Dorfman <dima@unixfreak.org> To: Yar Tikhiy <yar@freebsd.org> Cc: audit@freebsd.org Subject: Re: finger(1) & fingerd(8) Message-ID: <20010728123013.E88223E2F@bazooka.unixfreak.org> In-Reply-To: <20010728155159.A35483@snark.rinet.ru>; from yar@freebsd.org on "Sat, 28 Jul 2001 15:51:59 %2B0400"
next in thread | previous in thread | raw e-mail | index | archive | help
Yar Tikhiy <yar@freebsd.org> writes: > Hi, > > Currently, finger(1) reveals user information if the user > has created the ``.nofinger'' file, but his home directory > is unreadable for finger(1). > > In the case of local access, it's no problem, since anyone may read > /etc/passwd directly. OTOH, letting remote folks peek at user > information even if the user wants to hide himself is a bad thing. > > Therefore, a patch is proposed that adds an option telling finger(1) > fingerd(1) not to show users whose home directories are unreadable. > > Another way is not to do the bad thing by default. Any comments? This is just a review list, so it isn't the right place to propose something like this. -arch or -hackers would be better. On another note, I think you should do the ".nofinger" -> _PATH_NOFINGER separately. That part (most likely) doesn't need a discussion, so you can apply that now so your diff is less cluttered. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010728123013.E88223E2F>