Re: What is the problem with Finger?

Article: 7552 of alt.hackers
From: wsantee@cyberspace.com (Wes Santee)
Newsgroups: alt.hackers
Subject: Re: What is the problem with Finger?
Date: 27 Mar 1995 13:41:30 -0800
Organization: Cyberlink Communications (206) 281-5397
Lines: 31
Approved: fingerd
Message-ID: 3l7bea$1hu@case.cyberspace.com
NNTP-Posting-Host: case.cyberspace.com
Status: RO

Gary Barnes sez:
>In article <3l4s01$427@geraldo.cc.utexas.edu>,
>Ayman M. El-Khashab <ayman@ccwf.cc.utexas.edu> wrote:
>::>[finger poses..ahem...security threat]
>:
>:: So, I'll bite. Does anyone know what the security hole is in finger? I
>:: can understand not wanting to have anyone be able to finger in, but why
>:: wouldn't the admins what me to finger out?
>:
>[because it shows everybody logged on]

Ah, but let us not forget!  If your admin is *really* paranoid, they
might think that their finger daemon is still somehow easy prey for
Robert Morris' Internet Worm!  Can't allow a finger request to overrun
the fingerd call stack now, can we! :)

ObHack:

Ummm...jeez, I've just been doing straight programming as of late.  Oh
wait, here's one:  My roommate's bed has a weak center support beam
underneath, so I took all of my OS/2 Extended Services books and
stuffed them under the support beam so it wouldn't break.
There...elegant AND computer related (er..well, indirectly anyway).

Cheers,

--
( -Wes Santee              | I feel my body weakened by the years      )
( wsantee@cyberspace.com   | As people turn to gods of cruel design    )
( O S / 2  W A R P         | Could it be they fear the pain of death?  )
(                          | Or could it be they fear the joy of life? )

Back to index