[net.news.b] Bug

smoot@ut-sally.UUCP (Smoot Carl-Mitchell) (05/16/84)

I uncovered a problem in inews (version 2.10.1 running on 4.2BSD) 
when used with sendmail and recnews.  Here at sally we have some aliases
set up for some local newsgroups, so users can mail to them
rather than using postnews.  This worked fine, except last week
(after a change in our sendmail.cf file) all the articles
posted to those groups had "From:" lines with my name in them.

After a little poking around, I discovered that inews determines
the username by using the environment variable "USER".  What was
happening is this. I typically maintain sendmail's configuration
file.  Whenever I make a change, I refreeze the configuration file,
kill the daemon and restart it.  I do this when "su'ed" to root.
However, the su process and the restarted daemon inherit my "USER"
environment variable.

I have sendmail set up to queue all mail which is delivered via
a pipe to a program (like recnews).  At 10 minute intervals the
daemon runs the queue and forks a mailer for each message.  Since
we run sendmail suid to root, it very carefully resets the userid
to the sender of the original article.  Inews has inherited the 
"USER" environment variable (my name) and all the articles
appear as if they were sent by me.

The fix is to eliminate getting the sender's name by using the "USER"
environment variable and always using the userid.  This fix is
incorporated at Bell Labs in Naperville, Illinois.  You can define
IHCC to eliminate the undesirable code in inews.c.  The pertinent
section is shown below:

#ifndef IHCC
	/*
	 * We force the use of 'getuser()' to prevent forgery of articles
	 * by just changing $LOGNAME
	 */
	if ((user = getenv("USER")) == NULL)
		user = getenv("LOGNAME");
	if ((home = getenv("HOME")) == NULL)
		home = getenv("LOGDIR");
#endif
-- 
Smoot Carl-Mitchell, CS Dept. University of Texas at Austin
{seismo, ctvax, ihnp4}!ut-sally!smoot, smoot@ut-sally.{ARPA, UUCP}
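
Added example (not part of the original post and not taken from the inews source): one way to take the sender's name from the real userid, as the fix above describes, and to flag an inherited USER/LOGNAME value that disagrees with it. The function names uid_login_name and env_name_disagrees and the "uid<number>" fallback are assumptions of this example.

```c
/* Added example: derive the posting identity from the real uid, never from
 * $USER/$LOGNAME, and report when the inherited environment disagrees. */
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Fill buf with the login name for the process's real uid.
 * Falls back to "uid<number>" when the uid has no passwd entry.
 * Returns 0 on success, -1 if buf is too small. */
int uid_login_name(char *buf, size_t len)
{
    uid_t uid = getuid();
    struct passwd *pw = getpwuid(uid);
    int n;

    if (pw != NULL && pw->pw_name != NULL)
        n = snprintf(buf, len, "%s", pw->pw_name);
    else
        n = snprintf(buf, len, "uid%lu", (unsigned long)uid);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Returns 1 when an environment-supplied name (may be NULL) is set and
 * differs from the uid-derived name: the situation described in the post,
 * where a restarted daemon passes the administrator's USER to its children. */
int env_name_disagrees(const char *env_name, const char *uid_name)
{
    return env_name != NULL && strcmp(env_name, uid_name) != 0;
}

int main(void)
{
    char name[64];
    const char *env = getenv("USER");

    if (env == NULL)
        env = getenv("LOGNAME");
    if (uid_login_name(name, sizeof name) != 0)
        return 1;
    if (env_name_disagrees(env, name))
        fprintf(stderr, "ignoring inherited name \"%s\"\n", env);
    printf("From: %s\n", name);   /* always the uid-derived name */
    return 0;
}
```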