Re: Pinky command

2009-11-14 Thread Alfred M. Szmidt
a replacement for finger but is instead a lightweight version of it. On my Debian system I have both a 'finger' command and a 'pinky' command and the output is not identical between them. Although they are very similar. Pinky just reads utmp, while finger connects

Re: Pinky command

2009-11-12 Thread Alfred M. Szmidt
> The list of uids are already public in the /etc/passwd file. That file
> is already world readable. Therefore it isn't clear to me how using
> another command makes this a vulnerability.
Using fingerd, this could disclose login names to remote attackers. This, of course, does no

Re: Pinky command

2009-11-12 Thread Bob Proulx
know pinky is not a replacement for finger but is instead a lightweight version of it. On my Debian system I have both a 'finger' command and a 'pinky' command and the output is not identical between them. Although they are very similar. Most software distributions that include

RE: Pinky command

2009-11-12 Thread Hemant . Rumde
ug-coreutils@gnu.org Cc: auers...@unix-ag.uni-kl.de; Hemant Rumde; Singh, Sonny Subject: Re: Pinky command
Erik Auerswald wrote:
> Bob Proulx wrote:
> > The list of uids are already public in the /etc/passwd file. That
> > file is already world readable. Therefore it isn't cl

Re: Pinky command

2009-11-12 Thread Bob Proulx
Erik Auerswald wrote:
> Bob Proulx wrote:
> > The list of uids are already public in the /etc/passwd file. That file
> > is already world readable. Therefore it isn't clear to me how using
> > another command makes this a vulnerability.
>
> Using fingerd, this could disclose login names to remot

Re: Pinky command

2009-11-11 Thread Erik Auerswald
Hi,
On Wed, Nov 11, 2009 at 06:15:32PM -0700, Bob Proulx wrote:
> hemant.ru...@us.ing.com wrote:
> > In old days, attackers used to create .project symbolic to passwd
> > and group files to get the List of login ids and group via
> > fingerd.
>
> The list of uids are already public in the /etc/pa

Re: Pinky command

2009-11-11 Thread Bob Proulx
hemant.ru...@us.ing.com wrote:
> In old days, attackers used to create .project symbolic to passwd
> and group files to get the List of login ids and group via
> fingerd.
The list of uids are already public in the /etc/passwd file. That file is already world readable. Therefore it isn't clear to

Pinky command

2009-11-11 Thread Hemant . Rumde
Hi GNU Bug fixers, I am old school and have been using finger (without fingerd for security reasons) on Unix. Today I came across pinky on RedHat Linux. The man page of this command specified your email address. In old days, attackers used to create .project symbolic to passwd and group file