Yet another finger hole
Brian H. Powell
natinst!brian at cs.utexas.edu
Wed Nov 23 09:38:04 AEST 1988
As distributed, SunOS 4.0 has the same bug. However, since SunOS 4.0 uses
a 4.3BSD-style inetd.conf, you can easily fix it.
Just edit /etc/inetd.conf, and change the line that says:
finger stream tcp nowait root /usr/etc/in.fingerd in.fingerd
to say
finger stream tcp nowait nobody /usr/etc/in.fingerd in.fingerd
This will cause in.fingerd to run as nobody instead of root. Make sure
you've got a nobody in your passwd file. The fix mentioned above (making
in.fingerd owned, grouped, setuid and setgid to nobody/nogroup) also
works.
Brian H. Powell National Instruments Corp.
brian at natinst.uucp 12109 Technology Blvd.
cs.utexas.edu!natinst!brian Austin, Texas 78727-6204
AppleLink:D0351 (512) 250-9119 x832
More information about the Comp.sys.sun
mailing list