home *** CD-ROM | disk | FTP | other *** search
- This archive contains version 1.04 of the sources, executables and man
- pages for replacements of the finger and finger daemon supplied by
- NeXT.
-
- WARNING: Versions of this package prior to version 1.04 contain a
- potential security problem which could allow local users unauthorized
- access to local files. This hole has been removed in this release.
- Every user of an earlier version if _very_ strongly encouraged to
- upgrade which should imply nothing more than a 'make install' while
- logged in as root.
-
- Why switch ?
- ------------
-
- 1. The supplied finger and fingerd are based upon the BSD network
- release 2 sources, not the antediluvian ones used by NeXT. This means
- that the output format will in general be more pleasant, compact and
- complete that the rather grungy one used by the NeXT supplied finger.
-
- 2. This finger/fingerd combination has been modified to understand
- executable .plan, .project and .forward files. Instead of being
- displayed these files will be executed if their execute bit is set.
- This allows you to greatly and easily customize your responses upon
- being fingered. Possibilities which come to mind are fortune cookies,
- chained fingers to other hosts, or simply alerting you to the fact
- that you've been fingered.
-
- This solution for the same problem has at least three advantages over
- the commonly used one of named pipes.
- a) Named pipes require a constantly running daemon process
- b) This solution also works if the home directories are NFS
- mounted
- c) NeXT doesn't support named pipes.
-
- 3. In addition, my modified finger daemon reliably finds the host name
- of the fingerer and also the user name of the fingerer if the remote
- site supports the RFC931 user authentication protocol. The executable
- .plan, .project and .forward files will receive the Internet address
- of the fingerer as their first argument.
-
- 4. Despite these additions the binaries of the modified finger and
- fingerd are only half the size of the unmodified ones.
-
- Installation
- ------------
-
- The complete sources for both finger and fingerd are in this archive.
- To recompile fingerd however requires the authuser library which is
- freely available in the nidentd2.0.tar.Z package available from all
- major NeXT ftp sites.
-
- Fingerd can be installed anywhere, though /usr/local/etc seems like a
- good place. Finger must be installed in /usr/local/bin as its path is
- hardcoded into fingerd. Finger should be installed set-uid root. To
- enable the new fingerd, you have to modify /etc/inetd.conf. An
- unmodified inetd.conf should contain a line like this:
-
- finger stream tcp nowait nobody /usr/etc/fingerd fingerd
-
- Change this to:
-
- finger stream tcp nowait root /usr/local/etc/fingerd fingerd
-
- Now, to have these changes take effect
-
- % kill -HUP <pid of inetd>
-
- or simply reboot.
-
- If you are very security conscious, you can also install the modified
- finger without set-uid root and the keep the "nobody" in the
- /etc/inetd.conf file, but you will lose the ability to execute files
- from finger.
-
- The man pages for this distribution have been typeset using the new
- nroff macros from the BSD network release 2 which means that the
- standard NeXT man will not understand them. You can either get the new
- macros from ftp.uu.net:/packages/bsd-sources or use the pre-formatted
- man pages in this archive.
-
- Warnin
- -------
-
- The .plan and .project files are only read by finger, so you can of
- course put whatever binary you want there. But the .forward file is
- also used by sendmail and placing a random binary there might look
- cute when you are fingered, but might seriously confuse sendmail. As a
- matter of fact, if anybody finds reasonable use for having an
- executable .forward file, I'd be grateful if he lets me know about it.
-
- If you have any other questions regarding these programs, feel free to
- email me. If you want to have see how the modified finger looks and
- what it can do try fingering cedman@714-725-3165.nts.uci.edu.
-
- Carl Edman
- <cedman@golem.ps.uci.edu>
-