Vers 1.8.3 - 9 Jun 94 SFINGERD: sfingerd is a secure replacement for the standard unix finger daemon. The goal is to have the smallest and safest code. History ------- I removed ``fingerd'' from my host when I discovered that giving away information such as last login, account names, etc. to the world could be potential security threats. However, the ability to finger user@host.domain is useful for getting information about email, project, pgp keys, and so on. So I searched for a finger daemon that could be customized in order to reduce such risks. GNU fingerd looked perfect, but it was *huge* and I wasn't even sure it did what I wanted; that is, only distribute static files to the world and no real time information about my host. Availability, disclaimer, etc. -------------------------------- So I wrote ``sfingerd.'' I use it locally and you are encouraged to use it as well. I will gladly accept comments, suggestions, and bug (hah!) reports. I can't promise it's 100% safe; however, I did my best. I hope the source is easy enough to understand such that if you spot any possible problems you can let me know ASAP and I'll fix any glaring errors immediately. (It is now out and running here for monthes, no problem, so I am now almost sure it *is* 100% safe) *Warning* read the instructions in sfingerd.c carefully. A badly configured ``sfingerd'' can be UNSAFE. Please check the source before running it. Get the latest version from ftp://hplyot.obspm.fr/net/sfingerd*.tar.gz It is a GNU like free software. The source code is written by me, Laurent Demailly, It comes AS IS - no warranty, etc. Installation ------------ o Carefully read and edit sfingerd.c, o make, edit the 'make-files' script, run it, change the inetd.conf to use the new daemon, test it, check syslog... sample inetd entry : finger stream tcp nowait root /usr/local/etc/fingerd fingerd DON'T FORGET to put ROOT ^^^^, because it needs it for chroot() call and it later changes it uid to a non priviledged one. o Tell your users to adjust $CHROOT_PATH/ to their needs. Or use the 'update-files' script regulary, it scans the static files built by make-files and update them if the ~user/.plan changed... Enjoy ! dl Thx to ScottM & Omnion for proof reading. Note 1 - ``sfingerd'' distribution now includes PGP signed md5 CHECKSUMS. Note 2 - read the file CHANGES to get information about new features.