finger security hole
byers at UKANVAX.BITNET
byers at UKANVAX.BITNET
Fri Dec 30 08:35:21 AEST 1988
A flexible way to plug the finger security hole without a source license
is to supply your own version of finger in /usr/local. If In.fingerd
finds a /usr/local/finger, it will use that instead of /usr/ucb/finger.
(At least that is the way it is on my SUNOS 4.0 system.) The
/usr/local/finger might do a setiud and setgid and then invoke
/usr/ucb/finger. Alternatively, /usr/local/finger might just apologize
and exit.
R.B.
More information about the Comp.sys.sun
mailing list