Hi!

Well, running it chrooted will prevent it from accessing the .plan files and
all the other information you want to provide via finger service. At least if
you provide a correct chroot environment. Anything providing access to files
outside the chroot environment would be a security issue again. I mean, you
can actually update the information in the finger sandbox using some kind of
cronjob. This won't be accurate and may require some patches to the fingerd.
Better think about a different way to provide the information you want to
offer.

Best regards and happy thinking,
Oliver-who-is-quite-angry-about-getting-a-notebook-where-you-cant-run-linux-on
-without-severe-constraints-on-functionality ;)

> -----Original Message-----
> From: eim [mailto:[EMAIL PROTECTED]
> Sent: Sunday, January 06, 2002 11:45 PM
> To: Debian-Security List
> Subject: Re: Secure Finger Daemon
>
>
> my Finger Daemon conclusion...
>
> First, Thanks for all the answers to my question.
>
> Well, so it really seems it's better to avoid using
> any finger daemon, security has always priority.
>
> Anyway I thought the finger daemon would be a nice
> feature for the .plan files, userinfo and mail info
> for the users of my box.
>
> Maybe running fingerd in a chrooted jail as not-root
> user would be a secure-like solution, got to think about it.
>
> Thanks again for all the replies,
> have a nice time...
>  -Ivo
>
> On Sat, 2002-01-05 at 19:09, eim wrote:
> > Hello,
> >
> > I'm planning to install a secure finger daemon
> > on one of the public boxes I admin.
> >
> > Well, out there are really many different finger
> > daemons and in the Debian stable tree I can find:
> >
> >     * efingerd - Another finger daemon for unix
> >                capable of fine-tuning your output.
> >     * xfingerd - BSD-like finger daemon with qmail support.
> >     * ffingerd - A secure finger daemon
> >     * fingerd - Remote user information server.
> >     * cfingerd - Configurable and secure finger daemon
> >
> > So I've considered using fingered which should be secure.
> >
> > Often I hear and read about exploited finger daemons which
> > gave the attacker system access so I'm asking on this list
> > help about the F Daemon.
> >
> > Which Finger daemon is *really* secure ?
> > Shouldn't I install this service at all ?
> > Any experiences about compromised systems ?
> >
> > Thanks for any help !
> > Have a nice time,
> >  - Ivo
> >
> > --
> >
> >  »« »« »« »« »« »« »« »« »« »« »« »« »« »« »«
> >  Ivo Marino                    [EMAIL PROTECTED]
> >  UN*X Developer, running Debian GNU/Linux
> >  irc.OpenProjects.net #debian
> >  http://eimbox.org
> >  »« »« »« »« »« »« »« »« »« »« »« »« »« »« »«
> >
>
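
An added example, not part of the original message or of any fingerd package: one way to do the cron-driven update of the finger sandbox mentioned in the reply, skipping symlinked .plan files so the job does not itself carry files from outside the chroot into it. The function name, directory layout and size cap are assumptions.

```shell
#!/bin/sh
# Added example: copy users' .plan files into a finger chroot from cron.
# Assumed layout (hypothetical): <home_root>/<user>/.plan is published as
# <jail_home>/<user>/.plan. Run this as an unprivileged account: the checks
# below can race with a user replacing the file between test and copy.
MAX_PLAN_BYTES=4096   # assumed cap so one user cannot fill the jail

sync_plans() {
    home_root=$1
    jail_home=$2
    copied=0
    for dir in "$home_root"/*/; do
        dir=${dir%/}
        [ -d "$dir" ] || continue
        [ -L "$dir" ] && continue          # symlinked home directory
        user=${dir##*/}
        plan=$dir/.plan
        # A symlinked .plan would make the job copy its target, a file the
        # job can read but finger clients should not, into the jail.
        [ -L "$plan" ] && continue
        [ -f "$plan" ] || continue         # regular files only
        size=$(( $(wc -c < "$plan") ))
        [ "$size" -le "$MAX_PLAN_BYTES" ] || continue
        mkdir -p "$jail_home/$user"
        tmp=$jail_home/$user/.plan.tmp.$$
        # Write under a temporary name, then rename, so fingerd never
        # serves a half-written file.
        if cp "$plan" "$tmp" && chmod 644 "$tmp" \
            && mv "$tmp" "$jail_home/$user/.plan"; then
            copied=$((copied + 1))
        else
            rm -f "$tmp"
        fi
    done
    echo "$copied"                         # number of .plan files published
}

# When called as a script with two arguments (e.g. from cron), do the sync.
if [ "$#" -eq 2 ]; then
    sync_plans "$1" "$2"
fi
```

The copy is only as fresh as the cron interval, which is the inaccuracy the reply points out.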

