Go to the first, previous, next, last section, table of contents.
One question that often arises when installing networking software which
adds new functionality is whether it can be considered sufficiently
secure. The most significant new function in GNU Finger with regard to
security is the ability for a user to have a `.fingerrc' in the
home directory. The following are the precautions take by GNU Finger:
-
Check whether `.fingerrc' is writable to anyone except the owner.
Notice that check is not enabled by default, since FSF users like anyone
to be able to write any file -- enable this check during installation by
editing `config.h'.
-
Check whether `.fingerrc' is owned by the user in whose home
directory it's found. This, like the previous check, is disabled by
default. It really only makes sense on systems where ordinary users
can't give away their files.
-
Execute the script through the user's login shell, using the command
"shell -c script". This means that a user who has had his
account disabled (i.e. shell set to a program that prints a notice or
just dies) can't run a `.fingerrc' script. This behavior can be
changed by hard-coding the shell in `config.h'.
Go to the first, previous, next, last section, table of contents.