Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!sun-barr!cs.utexas.edu!yale!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.wizards
Subject: Re: special files as .plans?
Message-ID: <15396:Aug2717:15:5690@kramden.acf.nyu.edu>
Date: 27 Aug 90 17:15:56 GMT
References: <1990Aug24.224727.26823@boingo.med.jhu.edu> <7391@star.cs.vu.nl>
Organization: IR
Lines: 11

In article <7391@star.cs.vu.nl> maart@cs.vu.nl (Maarten Litmaath) writes:
> The real bug is fingerd running as
> root: root can open any (local) file...  (Think about it!)

Of course, this is only a problem when the cracker has a local account.

This is one reason why fingerd runs as ``nobody'' (or a similarly
restricted user) under current systems. The servers provided with
authutil do this correctly.

---Dan