Re: Pinky command

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Pinky command

From:	Alfred M. Szmidt
Subject:	Re: Pinky command
Date:	Thu, 12 Nov 2009 18:27:00 -0500

   > The list of uids are already public in the /etc/passwd file.  That file
   > is already world readable.  Therefore it isn't clear to me how using
   > another command makes this a vulnerability.

   Using fingerd, this could disclose login names to remote attackers.
   This, of course, does not apply to local invokation of some tool that
   uses normal user privileges.

But running fingerd already discloses login names, that is the whole
point of finger.

[Prev in Thread]

Current Thread

[Next in Thread]

Pinky command, Hemant . Rumde, 2009/11/11
- Re: Pinky command, Bob Proulx, 2009/11/11
  - Re: Pinky command, Erik Auerswald, 2009/11/12
    - Re: Pinky command, Bob Proulx, 2009/11/12
    - RE: Pinky command, Hemant . Rumde, 2009/11/12
    - Re: Pinky command, Bob Proulx, 2009/11/12
    - Re: Pinky command, Alfred M. Szmidt, 2009/11/14
    - Re: Pinky command, Alfred M. Szmidt <=

Prev by Date: Re: Pinky command
Next by Date: Re: getgroups improvements
Previous by thread: Re: Pinky command
Next by thread: update to latest gnulib
Index(es):
- Date
- Thread