Path: utzoo!utgpu!attcan!uunet!lll-winken!lll-tis!ames!ncar!mailrus!cornell!uw-beaver!rice!sun-spots-request
From: gandalf@csli.stanford.edu (Juergen Wagner)
Newsgroups: comp.sys.sun
Subject: Re: Yet another finger hole
Message-ID: <8812060318.AA00224@rice.edu>
Date: 15 Dec 88 23:10:37 GMT
References:
Sender: usenet@rice.edu
Organization: Rice University, Houston, Texas
Lines: 8
Approved: Sun-Spots@rice.edu
Original-Date: Mon, 5 Dec 88 19:17:37 PST
X-Sun-Spots-Digest: Volume 7, Issue 58, message 8 of 14

Why bother to change in.fingerd? The easiest fix would be to change *finger* to setuid/setgid nobody, and if you don't like the uid 65534 reports, make up a new user/group 'finger' with a unique uid/gid. Until you fix the source of 'finger', this will do. And if you are fixing the source, you could disallow all symbolic links for .plan/.project (easy fix if you have source).

Juergen Wagner
gandalf@csli.stanford.edu
wagner@arisia.xerox.com
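
One way to implement the "disallow all symbolic links for .plan/.project" source fix mentioned in the post above, as an added example that is not part of the original post or of the finger source. It assumes a modern POSIX system that provides `O_NOFOLLOW`; the function names and the temporary directory are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open path read-only, refusing symlinks and non-regular files.
 * Returns a file descriptor, or -1. Hypothetical helper name. */
int open_plan_nofollow(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW: open() fails if the final path component is a symlink.
     * O_NONBLOCK: do not hang if the file is really a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* Check the descriptor we hold, not the name, so a swap cannot race us. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: temp "home" with a real .plan and a symlinked .project.
 * Returns 1 if the regular file is accepted and the symlink refused. */
int demo_plan_check(void)
{
    char dir[] = "/tmp/fingerdemoXXXXXX", plan[64], proj[64];
    int fd, plan_ok, proj_ok;
    FILE *f;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(plan, sizeof plan, "%s/.plan", dir);
    snprintf(proj, sizeof proj, "%s/.project", dir);
    if ((f = fopen(plan, "w")) == NULL)
        return -1;
    fputs("constructed sample plan\n", f);
    fclose(f);
    if (symlink(plan, proj) != 0)
        return -1;
    if ((plan_ok = (fd = open_plan_nofollow(plan)) >= 0)) close(fd);
    if ((proj_ok = (fd = open_plan_nofollow(proj)) >= 0)) close(fd);
    unlink(proj); unlink(plan); rmdir(dir);
    return plan_ok && !proj_ok;
}

int main(void) { return demo_plan_check() == 1 ? 0 : 1; }
```

`O_NOFOLLOW` only rejects a symlink in the final path component; links in intermediate directories are still followed, so this complements rather than replaces running finger under an unprivileged uid/gid.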