Path: utzoo!utgpu!watmath!clyde!att!ucbvax!husc6!rice!sun-spots-request
From: trinkle@purdue.edu
Newsgroups: comp.sys.sun
Subject: Re: Yet another finger hole
Message-ID: <8811221910.AA24969@bors.cs.purdue.edu>
Date: 3 Dec 88 22:22:28 GMT
Sender: usenet@rice.edu
Organization: Rice University, Houston, Texas
Lines: 16
Approved: Sun-Spots@rice.edu
Original-Date: Tue, 22 Nov 88 14:10:28 EST
X-Sun-Spots-Digest: Volume 7, Issue 36, message 1 of 12

The only inconvenience of changing fingerd to run as "nobody", is that
nobody has a uid (type uid_t == unsigned int) of -2.  In SunOS 4.0, Sun is
very careful (ha ha) to handle all uids as type uid_t.  This makes
/usr/etc/sa complain about preposterous user ids of 65534 every time sa is
run.  It is too bad Sun has hardcoded a totally bogus user id into the
kernel (and it has been perpetuated by other vendors that support NFS out
of necessity), or it would be simple enough to change nobody to a
reasonable uid.

This unnecessary annoyance is still a small price to pay for the added
security of running fingerd as nobody.

Daniel Trinkle			trinkle@cs.purdue.edu			ARPA
Department of Computer Sciences	trinkle%purdue.edu@relay.cs.net		CSNET
Purdue University		{ucbvax,decvax}!purdue!trinkle		UUCP
West Lafayette, IN 47907	(317) 494-7844				PHONE