> I believe it could be dangeours in some cases, but people from > Sun says that they won't repair the in.fingerd because: Well finger is enabled by default and it runs as nobody... so you can't link to /etc/shadow... finger stream tcp6 nowait nobody /usr/sbin/in.fingerd in.fingerd I think finger even still bounces.. @host@host... > "There are may be legitimate reasons for finger to follow symlinks. If > finger is considered a security issue, it can be disabled. (..)" I think it's an issue of, what is the point of fixing it? > > What do you think ? I won't sleep at night over this one. Matt
This archive was generated by hypermail 2b30 : Thu May 24 2001 - 12:41:45 PDT