[news.software.b] unsafe control articles

bill@unixland.uucp (Bill Heiser) (04/29/91)

Lately I've seen numerous "control message looks unsafe to execute"
messages.  Have other people seen these?  What is it that they're
detecting?  Is someone "really" trying to do something bad?

-- 
bill@unixland.uucp                 The Think_Tank BBS & Public Access Unix
...!uunet!think!unixland!bill
...!{uunet,bloom-beacon,esegue}!world!unixland!bill
508-655-3848 (2400)   508-651-8723 (9600-HST)   508-651-8733 (9600-PEP-V32)

henry@zoo.toronto.edu (Henry Spencer) (04/29/91)

In article <1991Apr28.175618.8934@unixland.uucp> bill@unixland.uucp (Bill Heiser) writes:
>Lately I've seen numerous "control message looks unsafe to execute"
>messages.  Have other people seen these?  What is it that they're
>detecting?  Is someone "really" trying to do something bad?

We see them occasionally.  Typically it means control messages that have
metacharacters in them and hence can't safely be handed to the shell.  The
usual cause is people who can't spell "cancel".  The cancel handler is
built into relaynews for several reasons, and its argument is a <>bracketed
message ID.  Almost any misspelling (e.g. capitalizing it) means that it
does not get recognized as a built-in and gets considered for execution as
a normal control message, at which point the <> causes rejection.
-- 
And the bean-counter replied,           | Henry Spencer @ U of Toronto Zoology
"beans are more important".             |  henry@zoo.toronto.edu  utzoo!henry

geoff@world.std.com (Geoff Collyer) (05/03/91)

[ Hoist by me own petard!  The date on world was a month in the future
when I posted the original of this message, so some sites will have
rejected the original.  Yes, we probably should be running xntpd. ]

Bill Heiser:
>Lately I've seen numerous "control message looks unsafe to execute"
>messages.  Have other people seen these?  What is it that they're
>detecting?  Is someone "really" trying to do something bad?

"control `foo' looks unsafe to execute" means that `foo' contains a shell
metacharacter or a slash.  It could be due to an error constructing the
control message or it could be a real attempt to do something nasty; likely
the former.  In the latter case, the potential damage is somewhat limited
anyway since control messages run under your `news' userid.

Eventually these complaints will be demoted to just a log file entry.
-- 
Geoff Collyer		world.std.com!geoff, uunet.uu.net!geoff
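
Added example, not part of the thread and not C News's own code: a C sketch of the dispatch the two replies above describe, showing why a misspelled or capitalized "cancel" ends up reported as unsafe. The metacharacter list, the names `classify_control` and `unsafe_chars`, and the sample control lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of inspecting the value of a Control: header. */
enum verdict { CTL_BUILTIN_CANCEL, CTL_RUN_HANDLER, CTL_UNSAFE };

/* Assumed metacharacter set for this sketch; the thread names only
 * "shell metacharacters" and the slash, not an exact list. */
static const char unsafe_chars[] = "/<>|&;()$`\\\"'*?[]{}~!#\n";

/* Classify a control line such as "cancel <id@host>". */
enum verdict classify_control(const char *ctl)
{
    size_t verb_len = strcspn(ctl, " \t");

    /* Built-in match is exact and case-sensitive, so "Cancel" or
     * "cancle" falls through to the generic path below. */
    if (verb_len == 6 && strncmp(ctl, "cancel", 6) == 0)
        return CTL_BUILTIN_CANCEL;

    /* Generic path: the whole line would reach the shell, so any
     * metacharacter or slash (including the <> of a message ID)
     * causes rejection instead of execution. */
    if (strpbrk(ctl, unsafe_chars) != NULL)
        return CTL_UNSAFE;

    return CTL_RUN_HANDLER;
}

int main(void)
{
    /* Constructed sample control lines, not taken from real traffic. */
    static const char *samples[] = {
        "cancel <1234@example.invalid>",
        "Cancel <1234@example.invalid>",
        "cancle <1234@example.invalid>",
        "newgroup example.test",
        "newgroup ../example",
    };
    static const char *names[] = { "built-in cancel", "run handler",
                                   "looks unsafe to execute" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s -> %s\n", samples[i], names[classify_control(samples[i])]);
    return 0;
}
```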