Who's fingering me? (was Re: how to put a program into a .plan file)

Jamie Zawinski jwz at lucid.com
Sun Sep 30 16:19:08 AEST 1990 

In article <1990Sep29.141154.3546 at ibmpcug.co.uk> dylan at ibmpcug.co.uk (Matthew Farwell) writes:
> In article <38200 at eerie.acsu.Buffalo.EDU> haozhou at acsu.buffalo.edu (hao zhou) writes:
>> A further question:
>>       Is it possible to figure out who have fingered you?
>
> You could:- 
>
> 1) Search the process table looking for the keyword 'finger'. All this would

This only works if the person fingering you is doing so from your machine.
It is far more interesting to know the identity of someone out on the net
who is fingering you.  I believe this is impossible, because the finger
protocol requires no authentication - all you can know is the address of the
machine on whch the finger request originated, and the port to reply to.  I
once hacked the finger daemon on TI Explorer Lisp Machines to finger back -
when a finger request came in, it fingered @that-machine to get a list of
all users and what they were doing.  It then cached this away for me to look
at later, and use the excellent pattern matcher inside my head to decide who
was responsible :-).  Also, if the foreign machine did not accept finger
connections (as is too often the case these days) it would respond with
"Your machine, <machine name here> does not accept finger connections; this
is antisocial.  Go away."

It also detected loops, in case the foreign machine also had a fingerback
hack.

> 2) Perhaps a more reliable method would be to go and get the active
>    inode information from a program like pstat. (On Xenix, the option would
>    be pstat -i). This gives you the device, the inode number and the uid
>    of all currently active inodes. Therefore you can work out who is
>    fingering you.

I don't follow - are you looking for the user who has your .plan file open?
This will be /etc/fingerd.  Or maybe you're looking for the user who has
/bin/finger open.  Again, this only works when being fingered locally.

By the way, I highly recommend GNU Finger, available on expo.lcs.mit.edu.
It has lots of bells and whistles.  One machine is the finger server, and
periodically consults finger clients on all the machines on the local net,
to maintain a database of who is logged on where, and which machines are
idle.  Fingering a user at any machine at a site will tell you which machine
they are logged on and how long they have been idle (and also the last
machine they were logged on if they are logged out now.)  It also has a
"face" feature built in, with an X11 and SunView interface - "finger -face"
transmits a bitmap instead of text.  Also it can talk to and be talked to by
standard BSD finger servers and clients.

		-- Jamie

More information about the Comp.unix.programmer mailing list