Subject: Re: Safe to run fingerd as root?
To: None <NetBSD-help@NetBSD.ORG, rickb@iaw.on.ca>
From: Max Bell <mbell@europa.com>
List: netbsd-help
Date: 04/04/1996 07:17:00
>My home directory isn't publicly readable, but I want to have a .plan or
>.project file. I've changed identd.conf to run fingerd as root. Are there
>any security problems with this? I looked over the code, and I can't see
>any potential problems, but then what do I know.... This is under 1.0, but
>I will be upgrading to 1.1 very soon.
While I am not aware of any security problems with NetBSD 1.0's finger
daemon, running anything that does not _HAVE_ to be root as root is a
Very Bad Idea. You do not have to make your home directory publically
readable for the normal finger daemon to read your finger files -- just
make it world executable (chmod 711 ~). This will allow it to find the
publically readable finger files, but prevents others from taking
directory listings.
>Are there any finger programs that implement logging? I was going to add
>it, but if it's allready out there, why bother...
I'm pretty sure the GNU finger daemon provides logging along with all of its
other "features".
Max