a replacement for finger but is instead
a lightweight version of it. On my Debian system I have both a
'finger' command and a 'pinky' command and the output is not identical
between them. Although they are very similar.
Pink just reads utmp, while finger connects
> The list of uids are already public in the /etc/passwd file. That file
> is already world readable. Therefore it isn't clear to me how using
> another command makes this a vulnerability.
Using fingerd, this could disclose login names to remote attackers.
This, of course, does no
know pinky is not a replacement for finger but is instead
a lightweight version of it. On my Debian system I have both a
'finger' command and a 'pinky' command and the output is not identical
between them. Although they are very similar.
Most software distributions that include
ug-coreutils@gnu.org
Cc: auers...@unix-ag.uni-kl.de; Hemant Rumde; Singh, Sonny
Subject: Re: Pinky command
Erik Auerswald wrote:
> Bob Proulx wrote:
> > The list of uids are already public in the /etc/passwd file. That
> > file is already world readable. Therefore it isn't cl
Erik Auerswald wrote:
> Bob Proulx wrote:
> > The list of uids are already public in the /etc/passwd file. That file
> > is already world readable. Therefore it isn't clear to me how using
> > another command makes this a vulnerability.
>
> Using fingerd, this could disclose login names to remot
Hi,
On Wed, Nov 11, 2009 at 06:15:32PM -0700, Bob Proulx wrote:
> hemant.ru...@us.ing.com wrote:
> > In old days, attackers used to create .project symbolic to passwd
> > and group files to get the List of login ids and group via
> > fingerd.
>
> The list of uids are already public in the /etc/pa
hemant.ru...@us.ing.com wrote:
> In old days, attackers used to create .project symbolic to passwd
> and group files to get the List of login ids and group via
> fingerd.
The list of uids are already public in the /etc/passwd file. That file
is already world readable. Therefore it isn't clear to
Hi GNU Bug fixers,
I am old school and has been using finger ( without fingerd for security
reasons ) on Unix.
Today I came across pinky on RedHat Linux. The man page of this command
specified your email address.
In old days, attackers used to create .project symbolic to passwd and
group file