rainwatr@ucunix.san.uc.edu (Don Rainwater) (01/10/91)
I'm running C News (patchlevel 15-Dec-1990) on an Ultrix 4.1 system. I just
switched to C News, and I like most of it. However, there is one important
thing that is missing (from my point of view) - there appears to be no way of
restricting postnews (et al) to a specified list of people, a la Bnews'
authorized file.

Before I go hacking around, I'd like to know what (if anything) anyone else
has done about this. Did you modify inews, Pnews, or what?

BTW, I don't want to debate the issues of whether or not everyone should be
able to post. This is just the way our site has chosen to do things.
-- 
Don Rainwater, Systems Manager, Univ. of Cincinnati Computer Center
Don.Rainwater@UC.Edu   rainwatr@ucunix.san.uc.edu   rainwatr@ucbeh.bitnet
...!uccba!ucunix!rainwatr
henry@zoo.toronto.edu (Henry Spencer) (01/10/91)
In article <1991Jan9.182948.5855@ucunix.san.uc.edu> rainwatr@ucunix.san.uc.edu (Don Rainwater) writes:
>... I just switched to C News, and I like most of it. However,
>there is one important thing that is missing (from my point of view) -
>there appears to be no way of restricting postnews (et al) to a
>specified list of people, ala Bnews' authorized file.
>
> Before I go hacking around, I'd like to know what (if anything)
>anyone else has done about this. Did you modify inews, Pnews, or what?

It would be easy enough to diddle inews to enforce such a restriction, since
it already has to determine the user's login name (*NOT* easy to do in a
portable way) and it could just grep for it in a file. All the various
posting programs ought to be going through inews.

However... it's still relatively easy to make your own copy of inews and
delete the restriction code, or just compose a complete article and feed it
to relaynews in any of several ways. B News has similar vulnerabilities,
actually. Posting restrictions may help prevent accidents but they won't
stop a determined pest.
-- 
If the Space Shuttle was the answer,   | Henry Spencer at U of Toronto Zoology
what was the question?                 | henry@zoo.toronto.edu   utzoo!henry
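The check Henry sketches (inews determines the caller's login name and greps for it in a file) looks roughly like the following. This is an added example, not code from the thread or from C News; the file format (one login per line, '#' comments), the file path and the function names are my assumptions. The one point worth showing beyond "grep a file" is where the login name comes from: a setuid/setgid posting program must derive it from the real uid, because $USER and $LOGNAME are set by the caller.

```python
"""Added example: an 'authorized posters' check of the kind a site-local
inews wrapper could apply.  Not part of C News; format and path assumed."""
import os
import pwd

AUTHORIZED_FILE = "/usr/lib/news/authorized"   # hypothetical path


def parse_authorized(text):
    """Return the set of login names listed in an authorized file.

    Format assumed here: one login per line, '#' starts a comment,
    blank lines are ignored, surrounding whitespace is stripped."""
    names = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            names.add(line)
    return names


def real_login_name():
    """Login name of the *real* uid, looked up in the password database.

    A setuid/setgid program runs with the real uid of whoever invoked it,
    and that uid cannot be forged by the caller.  $USER / $LOGNAME can."""
    return pwd.getpwuid(os.getuid()).pw_name


def is_authorized(login, authorized):
    return login in authorized


def may_post(authorized_text, login=None):
    """True if the (real) caller is listed in the authorized file text."""
    if login is None:
        login = real_login_name()
    return is_authorized(login, parse_authorized(authorized_text))


def env_login_differs():
    """Illustrates why the environment is not trusted: compare the
    caller-controlled $USER with the name derived from the real uid."""
    return os.environ.get("USER") != real_login_name()


# Constructed sample file contents (not from any real site).
SAMPLE = """# posters allowed at this site
rainwatr
davidsen      # trailing comment is fine
"""


if __name__ == "__main__":
    print("rainwatr may post:", may_post(SAMPLE, "rainwatr"))
    print("mallory  may post:", may_post(SAMPLE, "mallory"))
    try:
        print("caller may post:", may_post(SAMPLE))
    except KeyError:
        print("caller's uid is not in the password database")
```

As Henry notes right after, this only gates the programs that choose to call it; anything that reaches relaynews directly never sees the check, so it is an accident guard rather than a security boundary.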
davidsen@crdos1.crd.ge.COM (Wm E Davidsen Jr) (01/10/91)
In article <1991Jan9.201748.4682@zoo.toronto.edu> henry@zoo.toronto.edu (Henry Spencer) writes:
| However... it's still relatively easy to make your own copy of inews
| and delete the restriction code, or just compose a complete article
| and feed it to relaynews in any of several ways.

Relaynews or mail or whatever, yes, but at least with B news (on my site) a
lot of the news software is setuid news and a user won't be able to run his
(her) own copy.
-- 
bill davidsen	(davidsen@crdos1.crd.GE.COM -or- uunet!crdgw1!crdos1!davidsen)
    VMS is a text-only adventure game. If you win you can use unix.
henry@zoo.toronto.edu (Henry Spencer) (01/11/91)
In article <3113@crdos1.crd.ge.COM> davidsen@crdos1.crd.ge.com (bill davidsen) writes:
> Relaynews or mail or whatever, yes, but at least with B news (on my
>site) a lot of the news software is setuid news and a user won't be able
>to run his (her) own copy.

This is one small disadvantage of using a lot of shell files: in general
they have to be readable, and making them setuid isn't entirely safe, so
they're open to being copied and modified by users.

We rejected trying to do anything about posting security mostly because it
is so easy to subvert it -- on either B News or C News -- that we felt it
was wasted effort. For example, there is no easy and portable way to be sure
that a batch showing up in the uucp queues is really from the site the
articles in it claim to be from, or indeed that it is from a remote site at
all.
-- 
If the Space Shuttle was the answer,   | Henry Spencer at U of Toronto Zoology
what was the question?                 | henry@zoo.toronto.edu   utzoo!henry
rickert@mp.cs.niu.edu (Neil Rickert) (01/11/91)
In article <1991Jan10.213702.9298@zoo.toronto.edu> henry@zoo.toronto.edu (Henry Spencer) writes:
>In article <3113@crdos1.crd.ge.COM> davidsen@crdos1.crd.ge.com (bill davidsen) writes:
>> Relaynews or mail or whatever, yes, but at least with B news (on my
>>site) a lot of the news software is setuid news and a user won't be able
>>to run his (her) own copy.
>
>This is one small disadvantage of using a lot of shell files: in general
>they have to be readable, and making them setuid isn't entirely safe, so
>they're open to being copied and modified by users.

 Perhaps my brain had a core dump, or something, but I don't understand what
all the fuss is about. C-news doesn't work (for posting articles) without
invoking some setuid programs such as 'relaynews' and 'newsspool'. If the
group permissions are used to control who can search $NEWSBIN/relay and
$NEWSBIN/input, won't the problem be easily solved?
-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
 Neil W. Rickert, Computer Science               <rickert@cs.niu.edu>
 Northern Illinois Univ.
 DeKalb, IL 60115                                   +1-815-753-6940
karish@mindcraft.com (Chuck Karish) (01/11/91)
In article <1991Jan11.002040.25338@mp.cs.niu.edu> rickert@mp.cs.niu.edu (Neil Rickert) writes:
> Perhaps my brain had a core dump, or something, but I don't understand what
>all the fuss is about. C-news doesn't work (for posting articles) without
>invoking some setuid programs such as 'relaynews' and 'newsspool'. If the
>group permissions are used to control who can search $NEWSBIN/relay and
>$NEWSBIN/input, won't the problem be easily solved?

relaynews is the key program here. It has to be setgid on systems that have
System V-style inheritance of file group ownership, in order to maintain
proper group ownership of the files in the spool. This means that just
changing access to relaynews won't do the job unless you're willing to make
all authorized posters members of the 'news' group, which may give them
permission to write to various parts of the news system that should be
protected.

Summary: It's doable, but you'd have to carefully re-think permissions
throughout the news system.
-- 
	Chuck Karish		karish@mindcraft.com
	Mindcraft, Inc.		(415) 323-9000
henry@zoo.toronto.edu (Henry Spencer) (01/12/91)
In article <1991Jan11.002040.25338@mp.cs.niu.edu> rickert@mp.cs.niu.edu (Neil Rickert) writes:
> Perhaps my brain had a core dump, or something, but I don't understand what
>all the fuss is about. C-news doesn't work (for posting articles) without
>invoking some setuid programs such as 'relaynews' and 'newsspool'. If the
>group permissions are used to control who can search $NEWSBIN/relay and
>$NEWSBIN/input, won't the problem be easily solved?

If it is possible to set permissions in a suitable way, yes. The problem is
that the number of groups a user can belong to is very limited -- on System
V, it's 1 -- and it may not be practical to use group permissions for
detailed control of access.

There are also back doors into the news system, e.g. by the equivalent of
"uux - thissite!rnews <file", that make somebody else (uucp) do the dirty
deed for you.
-- 
If the Space Shuttle was the answer,   | Henry Spencer at U of Toronto Zoology
what was the question?                 | henry@zoo.toronto.edu   utzoo!henry
rickert@mp.cs.niu.edu (Neil Rickert) (01/12/91)
In article <663605062.9312@mindcraft.com> karish@mindcraft.com (Chuck Karish) writes:
>In article <1991Jan11.002040.25338@mp.cs.niu.edu> rickert@mp.cs.niu.edu
>(Neil Rickert) writes:
>>group permissions are used to control who can search $NEWSBIN/relay and
>>$NEWSBIN/input, won't the problem be easily solved?
>
>relaynews is the key program here. It has to be setgid on systems that
>have System V-style inheritence of file group ownership, in order to
>maintain proper group ownership of the files in the spool. This means
>that just changing access to relaynews won't do the job unless you're
>willing to make all authorized posters members of the 'news' group,

 Did you READ what I said? On my system relaynews is setuid news, setgid
news. I DID NOT suggest changing that. But it is in a directory not owned by
news, and not in group news. I referred to the permissions (specifically the
'x' permission) on the directory containing relaynews. If a restricted user
can't access the directory containing relaynews he can't access relaynews,
so he can't execute relaynews.
-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
 Neil W. Rickert, Computer Science               <rickert@cs.niu.edu>
 Northern Illinois Univ.
 DeKalb, IL 60115                                   +1-815-753-6940
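The scheme Neil describes, and the objection Chuck raised to it, can be checked against the actual Unix access rules without touching a real news installation. The following is an added example (mine, not C News code and not from any poster): it models a small directory tree and applies the path-search rule (execute permission needed on every directory on the path, then on the file) plus the setuid/setgid substitution that happens on exec. The path $NEWSBIN = /usr/lib/newsbin, the uids/gids and the group named 'posters' are all constructed.

```python
"""Added example: model of the directory-permission gate around relaynews.
Tree layout, ids and the 'posters' group are constructed for illustration."""
import stat
from collections import namedtuple

# Constructed ids; not taken from any real system.
UID_ROOT, UID_NEWS, UID_ALICE, UID_MALLORY = 0, 9, 1001, 1002
GID_ROOT, GID_NEWS, GID_POSTERS, GID_USERS = 0, 9, 50, 100

Inode = namedtuple("Inode", "uid gid mode")

RELAYNEWS = "/usr/lib/newsbin/relay/relaynews"   # $NEWSBIN assumed

# Neil's layout: relaynews itself is unchanged (setuid news, setgid news,
# executable by everyone) but the directory holding it is owned by root,
# group 'posters', and searchable only by owner and group (mode 0710).
TREE = {
    "/":                 Inode(UID_ROOT, GID_ROOT, 0o755),
    "/usr":              Inode(UID_ROOT, GID_ROOT, 0o755),
    "/usr/lib":          Inode(UID_ROOT, GID_ROOT, 0o755),
    "/usr/lib/newsbin":  Inode(UID_NEWS, GID_NEWS, 0o755),
    "/usr/lib/newsbin/relay": Inode(UID_ROOT, GID_POSTERS, 0o710),
    RELAYNEWS: Inode(UID_NEWS, GID_NEWS, stat.S_ISUID | stat.S_ISGID | 0o755),
}


def _bits(inode, uid, groups):
    """The rwx triple that applies to this caller: owner, group or other."""
    if uid == inode.uid:
        return (inode.mode >> 6) & 7
    if inode.gid in groups:
        return (inode.mode >> 3) & 7
    return inode.mode & 7


def _ancestors(path):
    parts = [p for p in path.split("/") if p]
    dirs, cur = ["/"], ""
    for name in parts[:-1]:
        cur += "/" + name
        dirs.append(cur)
    return dirs


def first_denied_component(tree, path, uid, groups):
    """Return the first path component that refuses this caller, or None.

    Unix rule: search (x) on every directory on the way, then x on the file.
    uid 0 bypasses discretionary permission checks entirely."""
    if uid == 0:
        return None
    for d in _ancestors(path):
        if not _bits(tree[d], uid, groups) & 1:
            return d
    if not _bits(tree[path], uid, groups) & 1:
        return path
    return None


def can_exec(tree, path, uid, groups):
    return first_denied_component(tree, path, uid, groups) is None


def effective_ids(tree, path, uid, gid):
    """ids the process runs with after exec(2): a setuid/setgid file
    substitutes its owner/group for the caller's real ids."""
    ino = tree[path]
    euid = ino.uid if ino.mode & stat.S_ISUID else uid
    egid = ino.gid if ino.mode & stat.S_ISGID else gid
    return euid, egid


if __name__ == "__main__":
    for name, uid, groups in (("alice", UID_ALICE, {GID_USERS, GID_POSTERS}),
                              ("mallory", UID_MALLORY, {GID_USERS})):
        denied = first_denied_component(TREE, RELAYNEWS, uid, groups)
        print(name, "-> runs relaynews" if denied is None else f"-> denied at {denied}")
    print("alice runs as", effective_ids(TREE, RELAYNEWS, UID_ALICE, GID_USERS))
```

The model shows why the two posters are not actually in conflict: alice needs membership in 'posters', not in 'news', to get past the 0710 directory, and only after the exec does she become news:news, so nothing in the spool has to be opened to her group. It also shows the cost Henry points to: the gate consumes one supplementary group per poster, which is a problem on a system where a user can hold only one group at a time. And, as every reply in the thread stresses, this gates only the direct execution path; mail, uux and the uucp queue still reach relaynews by other routes.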