Andreas Bogk (andreas@ANDREAS.ORG)
Sat, 3 Jul 1999 17:19:41 -0400
"Larry W. Cashdollar" <lwcashd@BIW.COM> writes:
> An easy and quick Patch for cfingerd 1.3.2. if you really need to run finger.
If you _really_ want to run finger without having to worry, you should
use dfingerd by David Lichteblau. It is modelled after ffingerd by
Felix von Leitner.
The ffingerd blurb says:
It disallows symbolic links as ~/.plan and ~/.project files, does not
display unnecessary but potentially useful information for an attacker,
like the shell or the home directory and disallows indirect and @host
queries. A compile time option is fascist logging (even positive queries
are syslogged).
You can get ffingerd at
ftp://ftp.fu-berlin.de/pub/unix/security/ffingerd/ffingerd-1.21.tar.gz
dfingerd has an identical feature set, but is written in Dylan. Since
amongst the many features of Dylan are bounds checking for arrays and
dynamically growing strings, this should eliminate all buffer
overflows and associated exploits. You can find out about Dylan at:
and you can get dfingerd at
ftp://berlin.ccc.de/pub/gd/contributions/dfingerd-0.2.tar.gz
Andreas
-- "We show that all proposed quantum bit commitment schemes are insecure because the sender, Alice, can almost always cheat successfully by using an Einstein-Podolsky-Rosen type of attack and delaying her measurement until she opens her commitment." ( http://xxx.lanl.gov/abs/quant-ph/9603004 )
This archive was generated by hypermail 2.0b3 on Sun Aug 08 1999 - 09:38:43 CEST