Re: Secure Finger Daemon
my Finger Daemon conclusion...
First, Thanks for all the answers to my question.
Well, so it really seems it's better to avoid using
any finger daemon, security has always priority.
Anyway I thought the finger daemon would be a nice
feature for the .plan files, userinfo and mail info
for the users of my box.
Maybe running fingerd in a chrooted jail as not-root
user would be a secure-like solution, got to think about it.
Thanks again for all the replays,
have a nice time...
-Ivo
On Sat, 2002-01-05 at 19:09, eim wrote:
> Hello,
>
> I'm planing to install a secure finger daemon
> on one of the public boxes I admin.
>
> Well, out there are really many different finger
> daemons and in the Debian stable tree I can find:
>
> * efingerd - Another finger daemon for unix
> capable of fine-tuning your output.
> * xfingerd - BSD-like finger daemon with qmail support.
> * ffingerd - A secure finger daemon
> * fingerd - Remote user information server.
> * cfingerd - Configurable and secure finger daemon
>
> So I've considered using fingered which should be secure.
>
> Often I hear and read about exploited finger daemons which
> gave the attacker system access so I'm asking on this list
> help about the F Daemon.
>
> Which Finger daemon is *really* secure ?
> Shouldn't I install this service at all ?
> Any experiences about compromised systems ?
>
> Thanks for any help !
> Have a nice time,
> - Ivo
>
> --
>
> »« »« »« »« »« »« »« »« »« »« »« »« »« »« »«
> Ivo Marino eim@eimbox.org
> UN*X Developer, running Debian GNU/Linux
> irc.OpenProjects.net #debian
> http://eimbox.org
> »« »« »« »« »« »« »« »« »« »« »« »« »« »« »«
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
--
»« »« »« »« »« »« »« »« »« »« »« »« »« »« »«
Ivo Marino eim@eimbox.org
UN*X Developer, running Debian GNU/Linux
irc.OpenProjects.net #debian
http://eimbox.org
»« »« »« »« »« »« »« »« »« »« »« »« »« »« »«
Reply to: