Mailing List Archive

Support open source code!


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

tlug: finger security



--------------------------------------------------------
tlug note from Jim Schweizer <schweiz@example.com>
--------------------------------------------------------
Hi all,

This may not be news to y'all, but I was messing around with
finger and the .plan and .project files. On a lark, I made .plan
a symbolic link to /etc/passwd and lo and behold fingering my
account showed the password file. I suppose if the finger daemon
is running as root you could view the contents of any file on
the system this way.

If I was running a network I'd probably either replace finger
with ph (phone book available from
ftp://vixen.cso.uiuc.edu/pub/ph.tar.gz ) or use a shell script
that prints a message telling people how to contact me.

Regards,

Jim S.

----------------------------------------------
Sent by: Jim Schweizer <schweiz@example.com>
On: 20-Aug-97 at: 13:58:36 JST
http://www1.harenet.or.jp/~schweiz/
Why does man kill?  He kills for food.  And not only food:
frequently there must be a beverage.
                -- Woody Allen, "Without Feathers"
----------------------------------------------
Next TLUG meeting is Saturday October 11, 1997
-----------------------------------------------------------------
a word from the sponsor will appear below
TWICS - Japan's First Public-Access Internet System.
www.twics.com  info@example.com  Tel:03-3351-5977  Fax:03-3353-6096


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links