Path: utzoo!utgpu!watmath!clyde!att!ucbvax!husc6!rice!sun-spots-request From: trinkle@purdue.edu Newsgroups: comp.sys.sun Subject: Re: Yet another finger hole Message-ID: <8811221910.AA24969@bors.cs.purdue.edu> Date: 3 Dec 88 22:22:28 GMT Sender: usenet@rice.edu Organization: Rice University, Houston, Texas Lines: 16 Approved: Sun-Spots@rice.edu Original-Date: Tue, 22 Nov 88 14:10:28 EST X-Sun-Spots-Digest: Volume 7, Issue 36, message 1 of 12 The only inconvenience of changing fingerd to run as "nobody", is that nobody has a uid (type uid_t == unsigned int) of -2. In SunOS 4.0, Sun is very careful (ha ha) to handle all uids as type uid_t. This makes /usr/etc/sa complain about preposterous user ids of 65534 every time sa is run. It is too bad Sun has hardcoded a totally bogus user id into the kernel (and it has been perpetuated by other vendors that support NFS out of necessity), or it would be simple enough to change nobody to a reasonable uid. This unnecessary annoyance is still a small price to pay for the added security of running fingerd as nobody. Daniel Trinkle trinkle@cs.purdue.edu ARPA Department of Computer Sciences trinkle%purdue.edu@relay.cs.net CSNET Purdue University {ucbvax,decvax}!purdue!trinkle UUCP West Lafayette, IN 47907 (317) 494-7844 PHONE