On Mon, May 22, 2000 at 07:01:00AM +0000, Rostislav Vorobyev wrote:
> Dear friends,
>
> Can someone explain me why people are not set 4755 permission on a finger
> program? I see good reasons to do that: if a user does not allow to see
> his/her ~user tree, finger will display .plan, .project and maybe .pgp --
> depends on finger version -- in any case. Maybe is there the special
> reasons do not do that? Security? Else?

gah, are you suggesting finger be suid root ??? that fingerd be run as root?? oh my!

yes that is a huge security hole. back in the day they used to do exactly that, then users discovered they could symlink .plan to /etc/shadow or any other file they should not be allowed to see, finger themselves and cha ching there is /etc/shadow!

finger running as root is a very bad thing.

if users want their .plan to show they should chmod a+r on it and chmod a+x $HOME. that will allow finger to see the .plan but not anyone to ls the home directory. of course if they have an insane umask like 022, 002 or such then all their files will be readable to all, the obvious solution of course is not to use such a horrible umask and use 027 or 007 instead.

--
Ethan Benson
http://www.alaska.net/~erbenson/
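
An added example, not part of the original message: a shell audit an administrator could run over home directories to check the advice in the reply above. It flags a symlinked .plan (the trick the reply describes), a home directory that others can list or cannot traverse, and a .plan that others cannot read. The function name `check_plan` is hypothetical, and GNU coreutils `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: audit one home directory for the finger/.plan setup
# recommended above (chmod a+x $HOME, chmod a+r .plan, no symlinks).
# Assumption: GNU coreutils stat (-c '%a'). check_plan is a hypothetical name.
# Returns 0 when the directory passes, 1 when there is any finding.
check_plan() {
    home=$1
    plan=$home/.plan
    rc=0

    # A symlinked .plan is how a privileged finger gets pointed at a file
    # the user may not read; report the target without opening it.
    if [ -L "$plan" ]; then
        echo "FAIL: $plan is a symlink to $(readlink "$plan")"
        return 1
    fi
    if [ ! -f "$plan" ]; then
        echo "FAIL: $plan is missing or not a regular file"
        return 1
    fi

    hmode=$(stat -c '%a' "$home")
    pmode=$(stat -c '%a' "$plan")
    hother=${hmode#"${hmode%?}"}   # last octal digit: bits for "other"
    pother=${pmode#"${pmode%?}"}

    # Home: others need x (traverse) but must not have r (list) or w.
    case $hother in
        1)   ;;
        5|7) echo "FAIL: $home ($hmode): others can list it"; rc=1 ;;
        3)   echo "FAIL: $home ($hmode): others can write to it"; rc=1 ;;
        *)   echo "FAIL: $home ($hmode): others cannot traverse it"; rc=1 ;;
    esac

    # .plan: others need r, and must not have w.
    case $pother in
        4|5) ;;
        6|7) echo "FAIL: $plan ($pmode): world-writable"; rc=1 ;;
        *)   echo "FAIL: $plan ($pmode): not readable by others"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $home"
    return "$rc"
}

# Stand-alone use: audit every directory given on the command line.
for h in "$@"; do check_plan "$h" || true; done
```

Run it as `sh script.sh /home/*` to get one line per finding; a directory with mode 711 and a regular .plan with mode 644 is reported as OK.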