An important thing to remember in UNIX security
is that It Is Usually Not That Simple.
You have to consider the implications of everything
; if you want to keep someone from doing something, you can not
do it unless you consider every possible way
they could have of doing said thing.
Yes, the last modification above will help user privacy, and keep most users from seeing the other users' info. But if i were a user on Andukar's box, and i really wanted to see someone else's last information, i could just say:
cat /var/log/wtmp|perl -e 'undef $/;$_=<>;s/[^\w\.-]+/\n/sg;print $_;'|less
Which is, as it happens, exactly what i did when i had to use last
on a box where the binary was broken! Try it.
You've modified who or w for user privacy, sure, but who says they have to use your mods? What's to keep users from compiling their own who or w or finger binaries, or talking to fingerd themselves, or reading the data files fingerd uses? (Note: That is an honest question-- for all i know, modifying who and w the way described in those other nodes may be sufficient. I do not know exactly how who and w work, or even if bsd uses fingerd or what.)
You have to keep cause and effect in mind, and if you close off an interface make damn sure you close off the stuff that makes that interface work as well. In fact, it's usually better to close things off as close to the source as possible-- say, instead of restricting who or w, restrict the source who and w get their information from. (This may, of course, not be possible) (assuming BSD uses fingerd, of course) so that there are as few moving parts as possible.
Now, of course, for all i know, andukar has set up his box in such a way as /var/log/wtmp is only accessible through last, meaning his setup is completely secure, but if he has i don't know how he did it, and i do know that such a setup will not be the default in your average *n?x setup.
Never trust a quick-fix; more often than not you are merely leading yourself into a sense of false security. Like the windows nt administrator at our school who restricted the users to only be able to run a handful of approved programs, causing huge problems for those of us who urgently needed to be able to run a non-approved program-- for example, Calculator-- but then did absolutely NOTHING to prevent a user from taking a non-approved program and renaming it to notepad.exe, magically making it one of the programs on the approved list. (Restrictions != security!)