Provided by: ffingerd_1.28-5_i386


       ffingerd - secure and lightweight finger daemon


       The  ffingerd program is a drop-in replacement for the standard fingerd
       that comes with most systems today.  Most finger daemons in  use  today
       support  several  features  which  are  not  acceptable  for  security-
       conscious system administrators, so many chose to  disable  the  finger
       service  completely.   This  version of the finger daemon is invoked by
       inetd, but it’s not meant to be run as root.  In fact, it should run as
       nobody.  Ffingerd does not allow global finger queries (finger  @host)
       or  indirect finger queries (finger foo@host.a@host.b), and it does not
       give away valuable information like the  shell,  login  directory  and
       time  of  last  login.   Users can put a ".nofinger" file in their homes,
       and then ffingerd will respond with "That user  does  not  want  to  be


       Requests that may indicate attacks are logged by ffingerd  through  the
       syslog(3)  facility.   The default facility is LOG_INFO; you can change
       that by editing config.h after running configure.

       These requests are logged:

       empty finger attempts
              finger  # find out who’s logged in

       indirect finger attempts
                   # to this finger query comes from

       unwanted finger attempts
              Users can put .nofinger files in their home, and  then  attempts
              to finger them will yield

              That user does not want to be fingered
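
       The request classes listed above can be told apart from the request
       line alone. The following is an added example, not code from ffingerd:
       the names classify_finger and finger_class, the "/W" handling (taken
       from RFC 1288) and the character whitelist for user names are
       assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum finger_class { FINGER_EMPTY, FINGER_INDIRECT, FINGER_USER, FINGER_INVALID };

/* Classify one request line (RFC 1288: optional "/W", then a name, then CRLF).
 * For FINGER_USER the validated name is copied into user[]. */
enum finger_class classify_finger(const char *line, char *user, size_t userlen)
{
    const char *p = line, *end = line + strcspn(line, "\r\n");

    while (p < end && (*p == ' ' || *p == '\t')) p++;
    /* Skip the RFC 1288 verbose token when it stands alone. */
    if (end - p >= 2 && p[0] == '/' && (p[1] == 'W' || p[1] == 'w') &&
        (p + 2 == end || p[2] == ' ')) {
        p += 2;
        while (p < end && *p == ' ') p++;
    }
    while (end > p && (end[-1] == ' ' || end[-1] == '\t')) end--;

    if (p == end)
        return FINGER_EMPTY;        /* asks who is logged in: refuse and log */
    if (memchr(p, '@', (size_t)(end - p)))
        return FINGER_INDIRECT;     /* asks us to relay: refuse and log */
    if ((size_t)(end - p) >= userlen)
        return FINGER_INVALID;      /* over-long name: refuse, never truncate */
    for (const char *q = p; q < end; q++)   /* assumed policy, not ffingerd's */
        if (!isalnum((unsigned char)*q) && !strchr("._-", *q))
            return FINGER_INVALID;  /* no '/' etc. before building ~user paths */
    memcpy(user, p, (size_t)(end - p));
    user[end - p] = '\0';
    return FINGER_USER;             /* next step would be the .nofinger check */
}

int main(void)
{
    /* Constructed sample request lines, not captured traffic. */
    const char *samples[] = { "\r\n", "foo@host.a@host.b\r\n", "/W alice\r\n", "../x\r\n" };
    static const char *names[] = { "empty", "indirect", "user", "invalid" };
    char user[32];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%zu: %s\n", i, names[classify_finger(samples[i], user, sizeof user)]);
    return 0;
}
```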


       ~/.nofinger, ~/.plan, ~/.project, ~/.pubkey


       When  ffingerd  is  running  as  nobody  and a user does not have world
       execute permission set for  his  home,  then  ffingerd  cannot  check
       whether  that  user  has  a  .nofinger  file there and assumes it’s not



       Felix von Leitner