ggw%wolves@cs.duke.edu (Gregory G. Woodbury) (02/04/91)
For the first time, I find that I have a real problem with a piece of the C-news software. I understand that Henry and Geoff want relaynews to be small, fast and efficient, but given the abuses that certain sites and persons are perpetrating on the net I would like to at least try a minimal set of checking on who is canceling what. I've read through the control.c file in relay, but don't quite fathom all the details and don't feel quite confident enough at the moment to tackle it alone. Has anyone else felt the desire to have the cancel command be a bit more controlled in Cnews? Can you post or send me the changes that you implemented? Am I barking at the moon? -- Gregory G. Woodbury @ The Wolves Den UNIX, Durham NC UUCP: ...dukcds!wolves!ggw ...mcnc!wolves!ggw [use the maps!] Domain: ggw@cds.duke.edu ggw%wolves@mcnc.mcnc.org [The line eater is a boojum snark! ] <standard disclaimers apply>
henry@zoo.toronto.edu (Henry Spencer) (02/05/91)
In article <1991Feb4.002104.12830@wolves.uucp> ggw%wolves@cs.duke.edu (Gregory G. Woodbury) writes: >Has anyone else felt the desire to have the cancel command be a bit more >controlled in Cnews? ... The desire, yes... but the flesh is weak. :-) The problem is that forging news articles (including control messages) is trivial, and there is no simple check that cannot be bypassed easily by the determined canceller. -- "Maybe we should tell the truth?" | Henry Spencer at U of Toronto Zoology "Surely we aren't that desperate yet." | henry@zoo.toronto.edu utzoo!henry
david@elroy.jpl.nasa.gov (David Robinson) (02/05/91)
In article <1991Feb4.185130.6956@zoo.toronto.edu> henry@zoo.toronto.edu (Henry Spencer) writes: <In article <1991Feb4.002104.12830@wolves.uucp> ggw%wolves@cs.duke.edu (Gregory G. Woodbury) writes: <>Has anyone else felt the desire to have the cancel command be a bit more <>controlled in Cnews? ... < <The desire, yes... but the flesh is weak. :-) The problem is that forging <news articles (including control messages) is trivial, and there is no <simple check that cannot be bypassed easily by the determined canceller. One possible solution is to create some easy to use option that allows system administrators to disable the automatic canceling. Other control messages are easily configured via shell scripts in NEWSBIN/ctl but cancel is hardwired in to relaynews for efficiency sake. Why not put a simple check in relaynews to see if a NEWSBIN/ctl/cancel script exists and run it, if not continue as things are done now? Now if we can just give Henry and Geoff a few hundred extra paid hours to implement all these features we would be in news heaven! :-) -- David Robinson david@elroy.jpl.nasa.gov {decwrl,usc,ames}!elroy!david Disclaimer: No one listens to me anyway! "Once a new technology rolls over you, if you're not part of the steamroller, you're part of the road." - Stewart Brand
urlichs@smurf.sub.org (Matthias Urlichs) (02/07/91)
In news.software.b, article <1991Feb4.185130.6956@zoo.toronto.edu>, henry@zoo.toronto.edu (Henry Spencer) writes: < In article <1991Feb4.002104.12830@wolves.uucp> ggw%wolves@cs.duke.edu (Gregory G. Woodbury) writes: < >Has anyone else felt the desire to have the cancel command be a bit more < >controlled in Cnews? ... < < The desire, yes... but the flesh is weak. :-) The problem is that forging < news articles (including control messages) is trivial, and there is no < simple check that cannot be bypassed easily by the determined canceller. And on the other hand, almost every check will fail for some cases. Messages travel different paths; people post from different machines; News software inserts "Sender:" headers (and others get mangled sometimes); et al. Maybe it would be a better idea to "chmod 000" the cancelled article. That way, it can at least be restored easily if the Cancel was forged. How about an "uncancel" control message to restore such an article, while we're at it? -- Matthias Urlichs -- urlichs@smurf.sub.org -- urlichs@smurf.ira.uka.de /(o\ Humboldtstrasse 7 - 7500 Karlsruhe 1 - FRG -- +49+721+621127(0700-2330) \o)/
adeboer@gjetor.geac.COM (Anthony DeBoer) (02/07/91)
In article <1991Feb4.185130.6956@zoo.toronto.edu> henry@zoo.toronto.edu (Henry Spencer) writes: >In article <1991Feb4.002104.12830@wolves.uucp> ggw%wolves@cs.duke.edu (Gregory G. Woodbury) writes: >>Has anyone else felt the desire to have the cancel command be a bit more >>controlled in Cnews? ... > >The desire, yes... but the flesh is weak. :-) The problem is that forging >news articles (including control messages) is trivial, and there is no >simple check that cannot be bypassed easily by the determined canceller. >-- >"Maybe we should tell the truth?" | Henry Spencer at U of Toronto Zoology >"Surely we aren't that desperate yet." | henry@zoo.toronto.edu utzoo!henry Maybe I'm all wet, but what about using the Paths: header? Ignore the cancel message if the path of the cancel doesn't match the path of the original article. The one main problem I see is that with redundant newsfeeds, the original and the cancel might have propagated from the poster's machine to my box down different paths and a legitimate cancel could be rejected. The other is that a determined forger on any of the machines involved, or at a neighbour of any of these machines except the poster's, could forge the appropriate Path: line. That would at least cut way down on the number of sites that could forge a cancel. At least leaf sites of minor sites would be SOL. (Or does the Internet make everybody each other's neighbour? I'm out in UUCP-land here.) Are there any other problems with the idea, or are these two problems sufficient to make it Not Worth Doing? -- Anthony DeBoer - NAUI #Z8800 adeboer@gjetor.geac.com Programmer, Geac J&E Systems Ltd. uunet!geac!gjetor!adeboer Toronto, Ontario, Canada #include <std.random.opinions.disclaimer>
spike@world.std.com (Joe Ilacqua) (02/07/91)
In article <1991Feb4.205908.7048@elroy.jpl.nasa.gov> david@elroy.jpl.nasa.gov (David Robinson) writes: >One possible solution is to create some easy to use option that allows <system administrators to disable the automatic canceling. The task maybe bigger than you think! I don't know about your site, but if I had to hand cancel articles I'd never have time to do anything else. ->Spike -- The World - Public Access Unix - +1 617-739-9753 24hrs {3,12,24,96,192}00bps
henry@zoo.toronto.edu (Henry Spencer) (02/08/91)
In article <1991Feb6.221123.23610@gjetor.geac.COM> adeboer@gjetor.geac.COM (Anthony DeBoer) writes: >Maybe I'm all wet, but what about using the Paths: header? Ignore the cancel >message if the path of the cancel doesn't match the path of the original >article... This is much worse than using the From: line, which is the official method. News propagation is not the orderly tree structure that some people envision. Usenet is full of loops and redundancy, and it's not uncommon for sites to get their news by two or more paths. Given favorable circumstances, like a naive NNTP site along the route, it is also possible to forge Path:. -- "Maybe we should tell the truth?" | Henry Spencer at U of Toronto Zoology "Surely we aren't that desperate yet." | henry@zoo.toronto.edu utzoo!henry
bruce@balilly.UUCP (Bruce Lilly) (02/08/91)
In article <ds-oh2.9!1@smurf.sub.org> urlichs@smurf.sub.org (Matthias Urlichs) writes: > >Maybe it would be a better idea to "chmod 000" the cancelled article. That >way, it can at least be restored easily if the Cancel was forged. Sounds OK so far... >How about an "uncancel" control message to restore such an article, while >we're at it? Isn't there already enough of a problem with newgroup/rmgroup ``wars''? Do we really need to add cancel/uncancel wars? -- Bruce Lilly blilly!balilly!bruce@sonyd1.Broadcast.Sony.COM
blm@6sceng.UUCP (Brian Matthews) (02/08/91)
In article <SPIKE.91Feb6175121@world.std.com> spike@world.std.com (Joe Ilacqua) writes: | The task maybe bigger than you think! I don't know about |your site, but if I had to hand cancel articles I'd never have time to |do anything else. It's probably easiest just to ignore cancels. The amount of extra disk space taken up is a very small percentage of the news you get (usually, unless your feed consists solely of talk.bizarre :-)), and the articles will expire away eventually. -- Brian L. Matthews blm@6sceng.UUCP
urlichs@smurf.sub.org (Matthias Urlichs) (02/09/91)
In news.software.b, article <1991Feb8.033709.6510@blilly.UUCP>, bruce@balilly.UUCP (Bruce Lilly) writes: < In article <ds-oh2.9!1@smurf.sub.org> urlichs@smurf.sub.org (Matthias Urlichs) writes: < < >How about an "uncancel" control message to restore such an article, while < >we're at it? < < Isn't there already enough of a problem with newgroup/rmgroup ``wars''? < Do we really need to add cancel/uncancel wars? < I suppose I forgot the half-smiley. -- Matthias Urlichs -- urlichs@smurf.sub.org -- urlichs@smurf.ira.uka.de /(o\ Humboldtstrasse 7 - 7500 Karlsruhe 1 - FRG -- +49+721+621127(0700-2330) \o)/