Vulnerability Development mailing list archives

Re: report finger gives long list of users

From: Edsel Adap <edsel () ADAP ORG>
Date: Wed, 28 Mar 2001 10:22:42 -0500

On my solaris machine it gives also a list of users with full names
configured in /etc/passwd:
alice:~> finger 1234567890@alice
[alice]
Login       Name               TTY         Idle    When    Where
daemon          ???                         < .  .  .  . >
bin             ???                         < .  .  .  . >
sys             ???                         < .  .  .  . >
mikeg     Mike Guo                          < .  .  .  . >
vladimir  Vladimir Dragiev --               < .  .  .  . >
ktcheung  Karen Cheung - Cust               < .  .  .  . >
fldtrng         ???                         < .  .  .  . >
vikram   Vikram Hegde - Custo               < .  .  .  . >

But not all names are listed... and I haven't figured out what the
pattern of selection is.

On Wed, Mar 28, 2001 at 11:19:23AM +0800, warning3 wrote:

If you use digits as username, Solaris "finger" will list the users who have not
configured full name in /etc/passwd.

I heard that DG-UX  has this "feature" too.

[root@ /]> uname -sr
SunOS 5.6
[root@ /]> cat /etc/passwd
root:x:0:1:Super-User:/:/bin/bash
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
smtp:x:0:0:Mail Daemon User:/:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:Nobody:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x Nobody:/:
blah:x:501:100::/export/home/blah:/bin/sh

[root@ /]> finger 1234567@localhost
[localhost]
Login       Name               TTY         Idle    When    Where
daemon          ???                         < .  .  .  . >
bin             ???                         < .  .  .  . >
sys             ???                         < .  .  .  . >
blah            ???            pts/1        <Mar  7 21:55> xx.xx.xx.xx



---Original Message---

From : "Larry W. Cashdollar" <lwc () VAPID DHS ORG>

Date : Fri, 23 Mar 2001 12:37:12 -0500

This is actually an old problem where you could finger 0@sunhost and get a
list of users.  It appears it still works for solaris 2.7, not sure about
2.8.



Regards,
warning3 <warning3 () nsfocus com>
http://www.nsfocus.com


--
Edsel Adap
edsel () adap org
http://www.adap.org/~edsel/          LINUX - the choice of the GNU generation

"Netscape is an application which grows to fill all available memory."  - me

Current thread:

report finger gives long list of users Jens Hektor (Mar 20)
- Re: report finger gives long list of users John Galt (Mar 23)
  - Re: report finger gives long list of users Jens Hektor (Mar 23)
  - Re: report finger gives long list of users Larry W. Cashdollar (Mar 25)
    - Re: report finger gives long list of users warning3 (Mar 28)
    - Re: report finger gives long list of users Joseph Nicholas Yarbrough (Mar 28)
    - Re: report finger gives long list of users Juan M. Courcoul (Mar 28)
    - Re: report finger gives long list of users Air Force Guy (Mar 28)
    - Re: report finger gives long list of users Meritt James (Mar 28)
    - Re: report finger gives long list of users Edsel Adap (Mar 28)
    - Re: report finger gives long list of users olle (Mar 28)
- <Possible follow-ups>
- Re: report finger gives long list of users Robert G. Ferrell (Mar 28)
- Re: report finger gives long list of users Schott, Erik (CORP, GEAccess) (Mar 28)