Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!mit-eddie!uw-beaver!rice!sun-spots-request
From: byers@UKANVAX.BITNET
Newsgroups: comp.sys.sun
Subject: finger security hole
Message-ID: <8812171532.AA15835@rice.edu>
Date: 29 Dec 88 22:35:21 GMT
Sender: usenet@rice.edu
Organization: Sun-Spots
Lines: 9
Approved: Sun-Spots@rice.edu
Original-Date: Sat, 17 Dec 1988 09:32:13.82 CST
X-Sun-Spots-Digest: Volume 7, Issue 77, message 9 of 14

A flexible way to plug the finger security hole without a source license
is to supply your own version of finger in /usr/local. If in.fingerd
finds a /usr/local/finger, it will use that instead of /usr/ucb/finger.
(At least that is the way it is on my SUNOS 4.0 system.) The
/usr/local/finger might do a setuid and setgid and then invoke
/usr/ucb/finger. Alternatively, /usr/local/finger might just apologize
and exit.

R.B.
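
A sketch of the /usr/local/finger wrapper the post describes, written in present-day POSIX C. It is an added example, not code from the original message or from SunOS. The unprivileged uid/gid 65534 and the wording of the apology are assumptions; /usr/ucb/finger is the path named in the post.

```c
#define _DEFAULT_SOURCE                 /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define REAL_FINGER "/usr/ucb/finger"   /* path named in the post */
#define UNPRIV_UID  ((uid_t)65534)      /* assumption: "nobody" on this host */
#define UNPRIV_GID  ((gid_t)65534)      /* assumption: matching unprivileged group */

/* Return 1 only if real and effective ids all equal the requested ones. */
int ids_match(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Drop to uid/gid permanently. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                      /* "dropping" to root is a config error */
    /* Supplementary groups can only be replaced while still root. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)               /* group first: changing it needs root */
        return -1;
    if (setuid(uid) != 0)               /* then user: gives up root for good */
        return -1;
    if (setuid(0) == 0)                 /* regaining root must now fail */
        return -1;
    return ids_match(uid, gid) ? 0 : -1;
}

int main(int argc, char **argv)
{
    (void)argc;
    if (drop_privileges(UNPRIV_UID, UNPRIV_GID) != 0) {
        /* Fail closed: the "apologize and exit" branch from the post. */
        puts("Sorry, finger service is not available.");
        return 1;
    }
    argv[0] = "finger";
    execv(REAL_FINGER, argv);           /* returns only if the exec failed */
    puts("Sorry, finger service is not available.");
    return 1;
}
```

The order matters: setgid after setuid would fail because the process is no longer root, and an unchecked failure would leave the real finger running with the daemon's privileges.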