RFC 1196 (rfc1196) - Page 2 of 12

Finger User Information Protocol

Alternative Format: Original Text Document
< Previous
Next >
RFC 1196                         Finger                    December 1990


  3.1.    Implementation security  ..............................   7
  3.2.    RUIP security  ........................................   7
    3.2.1.  {Q2} refusal  .......................................   7
    3.2.2.  {C} refusal  ........................................   8
    3.2.3.  Atomic discharge  ...................................   8
    3.2.4.  User information files  .............................   8
    3.2.5.  Execution of user programs  .........................   9
    3.2.6.  {U} ambiguity  ......................................   9
    3.2.7.  Audit trails  .......................................   9
  3.3.    Client security  ......................................   9
4.      Examples  ...............................................  10
  4.1.    Example with a null command line ({C})  ...............  10
  4.2.    Example with name specified ({U}{C})  .................  10
  4.3.    Example with ambiguous name specified ({U}{C})  .......  11
  4.4.    Example of query type {Q2} ({U}{H}{H}{C})  ............  11
5.      Acknowledgments  ........................................  12
6.      Security Considerations  ................................  12
7.      Author's Address  .......................................  12

1.  Introduction

1.1.  Intent

   This memo describes the Finger User Information Protocol.  This is a
   simple protocol which provides an interface to a remote user
   information program (RUIP).

   Based on RFC 742, a description of the original Finger protocol, this
   memo attempts to clarify the expected communication between the two
   ends of a Finger connection.  It also tries not to invalidate the
   many current implementations or add unnecessary restrictions to the
   original protocol definition.

   The most prevalent implementations of Finger today seem to be
   primarily derived from the BSD UNIX work at the University of
   California, Berkeley.  Thus, this memo is based around the BSD
   version's behavior.

   However, the BSD version provides few options to tailor the Finger
   RUIP for a particular site's security policy, or to protect the user
   from dangerous data.  Furthermore, there are MANY potential security
   holes that implementors and administrators need to be aware of,
   particularly since the purpose of this protocol is to return
   information about a system's users, a sensitive issue at best.
   Therefore, this memo makes a number of important security comments
   and recommendations.





Zimmerman
< Previous
Next >