Newsgroups: news.software.b
Path: utzoo!henry
From: henry@zoo.toronto.edu (Henry Spencer)
Subject: Re: Restricting article posting with C News...
Message-ID: <1991Jan10.213702.9298@zoo.toronto.edu>
Organization: U of Toronto Zoology
References: <1991Jan9.182948.5855@ucunix.san.uc.edu> <1991Jan9.201748.4682@zoo.toronto.edu> <3113@crdos1.crd.ge.COM>
Date: Thu, 10 Jan 1991 21:37:02 GMT

In article <3113@crdos1.crd.ge.COM> davidsen@crdos1.crd.ge.com (bill davidsen) writes:
>  Relaynews or mail or whatever, yes, but at least with B news (on my
>site) a lot of the news software is setuid news and a user won't be able
>to run his (her) own copy.

This is one small disadvantage of using a lot of shell files:  in general
they have to be readable, and making them setuid isn't entirely safe, so
they're open to being copied and modified by users.

We rejected trying to do anything about posting security mostly because
it is so easy to subvert it -- on either B News or C News -- that we felt
it was wasted effort.  For example, there is no easy and portable way to
be sure that a batch showing up in the uucp queues is really from the
site the articles in it claim to be from, or indeed that it is from a
remote site at all.
-- 
If the Space Shuttle was the answer,   | Henry Spencer at U of Toronto Zoology
what was the question?                 |  henry@zoo.toronto.edu   utzoo!henry
