Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!usc!apple!agate!saab.stanford.edu!neon!lucid.com!jwz From: jwz@lucid.com (Jamie Zawinski) Newsgroups: comp.unix.programmer Subject: Who's fingering me? (was Re: how to put a program into a .plan file) Message-ID: Date: 30 Sep 90 06:19:08 GMT References: <2867@litchi.bbn.com> <376@ra.abo.fi> <4109@rtifs1.UUCP> <38200@eerie.acsu.Buffalo.EDU> <1990Sep29.141154.3546@ibmpcug.co.uk> Sender: jwz@lucid.com Organization: Lucid, Inc., Menlo Park, CA Lines: 48 In-reply-to: dylan@ibmpcug.co.uk's message of 29 Sep 90 14:11:54 GMT In article <1990Sep29.141154.3546@ibmpcug.co.uk> dylan@ibmpcug.co.uk (Matthew Farwell) writes: > In article <38200@eerie.acsu.Buffalo.EDU> haozhou@acsu.buffalo.edu (hao zhou) writes: >> A further question: >> Is it possible to figure out who have fingered you? > > You could:- > > 1) Search the process table looking for the keyword 'finger'. All this would This only works if the person fingering you is doing so from your machine. It is far more interesting to know the identity of someone out on the net who is fingering you. I believe this is impossible, because the finger protocol requires no authentication - all you can know is the address of the machine on whch the finger request originated, and the port to reply to. I once hacked the finger daemon on TI Explorer Lisp Machines to finger back - when a finger request came in, it fingered @that-machine to get a list of all users and what they were doing. It then cached this away for me to look at later, and use the excellent pattern matcher inside my head to decide who was responsible :-). Also, if the foreign machine did not accept finger connections (as is too often the case these days) it would respond with "Your machine, does not accept finger connections; this is antisocial. Go away." It also detected loops, in case the foreign machine also had a fingerback hack. > 2) Perhaps a more reliable method would be to go and get the active > inode information from a program like pstat. (On Xenix, the option would > be pstat -i). This gives you the device, the inode number and the uid > of all currently active inodes. Therefore you can work out who is > fingering you. I don't follow - are you looking for the user who has your .plan file open? This will be /etc/fingerd. Or maybe you're looking for the user who has /bin/finger open. Again, this only works when being fingered locally. By the way, I highly recommend GNU Finger, available on expo.lcs.mit.edu. It has lots of bells and whistles. One machine is the finger server, and periodically consults finger clients on all the machines on the local net, to maintain a database of who is logged on where, and which machines are idle. Fingering a user at any machine at a site will tell you which machine they are logged on and how long they have been idle (and also the last machine they were logged on if they are logged out now.) It also has a "face" feature built in, with an X11 and SunView interface - "finger -face" transmits a bitmap instead of text. Also it can talk to and be talked to by standard BSD finger servers and clients. -- Jamie