segedy@gsg.UUCP (Catherine Segedy) (12/06/88)
Everyone is going crazy over the problem of running the maps through a shell script, and all of the problems which that creates. It took me 1/2 hour to write (and test to my own satisfaction) a simple C program to do it instead. It rejects EVERYTHING which is not in the format I expect. (We get our map updates regularly enought that it is not too important if a couple of maps get thrown out here and there). This took considerably less time than reading the huge volume of news that has been generated on the subject. Cathy Segedy ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ decvax!gsg!segedy harvard!gsg!segedy I am not a liberated woman because I have ALWAYS been free. Thanks MOM, thanks DAD, for raising me right! my views are my own. That is all that is certain about them.
John_-_DeBert@cup.portal.com (12/07/88)
In article [283@gsg.UUCP] Cathy Segedy writes: >Everyone is going crazy over the problem of running the maps through a shell >script, and all of the problems which that creates. It took me 1/2 hour to >write (and test to my own satisfaction) a simple C program to do it instead. >It rejects EVERYTHING which is not in the format I expect. (We get our map >updates regularly enought that it is not too important if a couple of maps >get thrown out here and there). > >This took considerably less time than reading the huge volume of news that >has been generated on the subject. > > Cathy Segedy > > >I am not a liberated woman because I have ALWAYS been free. > Thanks MOM, thanks DAD, for raising me right! While all the boys were bickering and complaining amongst themselves, a woman, as usual, did something than needed doing. John_-_DeBert@cup.portal.com CI$ 75530,347 SMail: Box 51754, Pacific Grove, CA, 93950-6754, USA, Terra, Milky Way, etc. "The opinions expressed are mine alone and do not necessarily reflect those of any other entity within or without the Universe."
segedy@gsg.UUCP (Catherine Segedy) (12/08/88)
The other day I posted to these three groups describing my C program for unpacking map files. It has now been sent to the moderator of comp.sources.misc, so you can look for it there sometime soon. I make no guarentees on the program. Please let me know if you find problems with it. I hope it is helpful to someone. Its called uns.c (that name might be taken by something else -- it looks familiar). Anyway, sorry I didn't just post it right away, but I couldn't until now. cathy segedy, GSG harvard!gsg!segedy decvax!gsg!segedy
mbt@bridge2.3Com.Com (Brad Turner) (12/08/88)
In article <12273@cup.portal.com> John_-_DeBert@cup.portal.com writes: >In article [283@gsg.UUCP] Cathy Segedy writes: > >>write (and test to my own satisfaction) a simple C program to do it instead. >> [stuff deleted] >>This took considerably less time than reading the huge volume of news that >>has been generated on the subject. >> >> Cathy Segedy Being really lazy I did the same thing about a year ago only I used lex and a shell script. This ain't a contest, but below is a sufficiently short lex program to chop off the headers of map files as they are sent out. ----------------cut here-------guillotin.l------------------ %START A B %% {BEGIN A;} <A>[^\000] {} <A>"if " {BEGIN B; printf("%s",yytext);} <A>"export " {BEGIN B; printf("%s",yytext);} <A>"sed " {BEGIN B; printf("%s",yytext);} <A>"cat " {BEGIN B; printf("%s",yytext);} <A>"echo " {BEGIN B; printf("%s",yytext);} <B>[^\000] {printf("%s",yytext);} %% ----------------cut here------------------------------------ All that this little lex program does is throw away all input until it sees a word it recognizes. It then goes into state B and simply transcribes stdin to stdout (hence the name guillotin, it chops off headers :-) I set up cron to wake up every night, go to the usenet maps directory, assert a uucp lock to keep uuxqt from running while I do. For each file in the directory run it through "cat $file | guillotin | sh" mv the output to my real maps directory and rm the usenet map file. After this I run pathailas on the contents of my real maps dir. It was pretty simple and I managed to do it in an afternoon. I'm guess-tamating I spent as much time "re-inventing" a package as I would have spent hunting it down and installing/understanding it. -brad- -- v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v Brad Turner 1330 Ashleybrook Ln. (919) 768-2097 | I speak for myself 3Com Corp. Winston-Salem, NC 27103 mbt@bridge2 | NOT for my employer.
mbt@bridge2.3Com.Com (Brad Turner) (12/09/88)
ooppps. Before ya flame me telling me how my previous posting wasn't safe since I choose to use sh, let me include that the script is run su mapdaemon which has only the priviledges of a normal user on the system. Futher more output is mailed to the sysadmin at the end of each run. I figure this is a pretty safe compromise between prudence and paranoia. -brad- -- v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v Brad Turner 1330 Ashleybrook Ln. (919) 768-2097 | I speak for myself 3Com Corp. Winston-Salem, NC 27103 mbt@bridge2 | NOT for my employer.
gwyn@smoke.BRL.MIL (Doug Gwyn ) (12/09/88)
In article <12273@cup.portal.com> John_-_DeBert@cup.portal.com writes: >While all the boys were bickering and complaining amongst themselves, a woman, >as usual, did something than needed doing. It's okay to commend Cathy for a job well done, but we really don't need such sexist remarks in technical newsgroups. Thanks.
Makey@LOGICON.ARPA (Jeff Makey) (12/10/88)
In article <210@bridge2.3Com.Com> mbt@bridge2.3Com.com (Brad Turner) writes: >Before ya flame me telling me how my previous posting wasn't >safe since I choose to use sh, let me include that the script is run >su mapdaemon which has only the priviledges of a normal user on the system. >Futher more output is mailed to the sysadmin at the end of each run. > >I figure this is a pretty safe compromise between prudence and paranoia. Some people just don't pay attention, do they? Remember: the Internet virus used only the privileges of a "normal" UNIX user to do its dirty work. Brad's lex + sh method of unsharing UUCP maps is a very *unsafe* compromise between prudence and paranoia. In other words, his plan is very prudent, but not very paranoid. Mailing the output to the sysadmin (who, we foolishly presume, knows enough to recognize nasties) has all the effectiveness of closing the barn door after the horse is gone. I haven't had a chance to look carefully at Cathy Segedy's C program, but there's no question that such an approach is the most efficent (in terms of machine resources) and safest method of unsharing map files. :: Jeff Makey Department of Tautological Pleonasms and Superfluous Redundancies Department Disclaimer: Logicon doesn't even know we're running news. Internet: Makey@LOGICON.ARPA UUCP: {nosc,ucsd}!logicon.arpa!Makey
pokey@well.UUCP (Jef Poskanzer) (12/10/88)
In the referenced message, Makey@LOGICON.ARPA (Jeff Makey) wrote: }In article <210@bridge2.3Com.Com> mbt@bridge2.3Com.com (Brad Turner) writes: }>I figure this is a pretty safe compromise between prudence and paranoia. } }Some people just don't pay attention, do they? } }I haven't had a chance to look carefully at Cathy Segedy's C program, }but there's no question that such an approach is the most efficent (in }terms of machine resources) and safest method of unsharing map files. Well, I have looked at Cathy's program, all 93 lines of it, and unless I'm reading it wrong she wasn't paying much attention either. Consider the following somewhat twisted fragment where she gets the output filename from the shar file: strncpy(file2,&buffer[20],(strlen(&buffer[20]) - 1)); printf("opening file {%s}\n",file2); if((fp2 = fopen(file2, "w")) == NULL) { Do you see anything in there to prevent "../../../../etc/passwd"? I sure don't. By the way, uns.c uses a fixed size buffer, only 256 characters long. I have right here in my home directory a shar file with a 288 character line. These are minor nits, easily fixable, but I thought someone ought to point them out before people start installing uns.c and thinking they are secure. --- Jef Jef Poskanzer jef@rtsg.ee.lbl.gov ...well!pokey Flon's Law: There is not now, and never will be, a language in which it is the least bit difficult to write bad programs.
jim@eda.com (Jim Budler) (12/12/88)
In article <7876@well.UUCP> Jef Poskanzer <jef@rtsg.ee.lbl.gov> writes: | Well, I have looked at Cathy's program, all 93 lines of it, and unless | I'm reading it wrong she wasn't paying much attention either. Consider | the following somewhat twisted fragment where she gets the output filename | from the shar file: | | strncpy(file2,&buffer[20],(strlen(&buffer[20]) - 1)); | printf("opening file {%s}\n",file2); | if((fp2 = fopen(file2, "w")) == NULL) { | | Do you see anything in there to prevent "../../../../etc/passwd"? I sure | don't. | Oh!!! You unpack your maps as root! Gasp! <--- sarcasm 8^) I unpack my maps as 'news'. Currently the damage is limited to the news heirarchy, plus the news library. I may modify the source to disallow any '/'. | By the way, uns.c uses a fixed size buffer, only 256 characters long. | I have right here in my home directory a shar file with a 288 character | line. It was I beieve, designed to unpack maps, not general shar files. | | These are minor nits, easily fixable, but I thought someone ought to | point them out before people start installing uns.c and thinking they | are secure. They are much more secure than previous unshars, commands being disallowed entirely. You made the problems sound much worse than they are. Lighten up. | --- | Jef -- Jim Budler address = uucp: ...!{decwrl,uunet}!eda!jim OR domain: jim@eda.com #define disclaimer "I do not speak for my employer" #define truth "I speak for myself" #define result "variable"
mbt@bridge2.3Com.Com (Brad Turner) (12/13/88)
In article <232@logicon.arpa> Makey@LOGICON.ARPA (Jeff Makey) writes: >In article <210@bridge2.3Com.Com> mbt@bridge2.3Com.com (Brad Turner) writes: >>Before ya flame me telling me how my previous posting wasn't >>safe since I choose to use sh, let me include that the script is run >>su mapdaemon which has only the priviledges of a normal user on the system. >>Futher more output is mailed to the sysadmin at the end of each run. >> >>I figure this is a pretty safe compromise between prudence and paranoia. > >Some people just don't pay attention, do they? Remember: the Internet >virus used only the privileges of a "normal" UNIX user to do its dirty >work. Brad's lex + sh method of unsharing UUCP maps is a very >*unsafe* compromise between prudence and paranoia. In other words, >his plan is very prudent, but not very paranoid. > Point well taken. 1) Open mouth wide 2) Insert foot deep 3) gnaw...... I wasn't thinking when I posted..... DON'T DO WHAT I SUGGESTED IT IS A HOSED IN THE HEAD IDEA! humbly, -brad- -- v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v Brad Turner 1330 Ashleybrook Ln. (919) 768-2097 | I speak for myself 3Com Corp. Winston-Salem, NC 27103 mbt@bridge2 | NOT for my employer.
clewis@ecicrl.UUCP (12/15/88)
In article <395@eda.com> jim@eda.com (Jim Budler) writes: >In article <7876@well.UUCP> Jef Poskanzer <jef@rtsg.ee.lbl.gov> writes: >| Well, I have looked at Cathy's program, all 93 lines of it, and unless >| I'm reading it wrong she wasn't paying much attention either..... >| >| Do you see anything in there to prevent "../../../../etc/passwd"? I sure >| don't. >Oh!!! You unpack your maps as root! Gasp! <--- sarcasm 8^) >I unpack my maps as 'news'. >Currently the damage is limited to the news heirarchy, plus the news library. >I may modify the source to disallow any '/'. How about placing the following into "../../../rnews"? for i in /bin/* do od $i | mail root done I'd say that was a little more than limited to the news heirarchy. If you're gonna do this right, you gotta be really paranoid. >| By the way, uns.c uses a fixed size buffer, only 256 characters long. >| I have right here in my home directory a shar file with a 288 character >| line. >It was I beieve, designed to unpack maps, not general shar files. Gee, it wouldn't be using gets would it? ;-> Come on guys - if this were war, you'd be trashed already. Half measures are usually worse than none at all - being lulled by a false sense of security. -- Chris Lewis, Markham, Ontario, Canada {uunet!attcan,utgpu,yunexus,utzoo}!lsuc!ecicrl!clewis Ferret Mailing list: ...!lsuc!gate!eci386!ferret-request (or lsuc!gate!eci386!clewis or lsuc!clewis)
jim@eda.com (Jim Budler) (12/16/88)
In article <164@ecicrl.UUCP> clewis@ecicrl.UUCP (Chris Lewis) writes: | In article <395@eda.com> jim@eda.com (Jim Budler) writes: | >In article <7876@well.UUCP> Jef Poskanzer <jef@rtsg.ee.lbl.gov> writes: | >| Well, I have looked at Cathy's program, all 93 lines of it, and unless | >| I'm reading it wrong she wasn't paying much attention either..... [...] | >I may modify the source to disallow any '/'. First, you totally ignored the statement above. | | How about placing the following into "../../../rnews"? | | for i in /bin/* | do | od $i | mail root | done | Second, though partially my fault since I failed to mention I run here program under chroot(2). So there is no od(1), and no mail(1), and now there is not even a sed(1) available. | I'd say that was a little more than limited to the news heirarchy. If you're | gonna do this right, you gotta be really paranoid. | | >| By the way, uns.c uses a fixed size buffer, only 256 characters long. | >| I have right here in my home directory a shar file with a 288 character | >| line. | | >It was I beieve, designed to unpack maps, not general shar files. | | Gee, it wouldn't be using gets would it? ;-> | | Come on guys - if this were war, you'd be trashed already. Half measures | are usually worse than none at all - being lulled by a false sense of | security. Like I said, above, I do not use uns without some protective wrapping around it, so I doubt it. Now, I'll get down to what I really feel about this whole subject: 1) Someone supplied some source code, presented as a possible solution to a problem. 2) It wasn't perfect 8^) But then neither is sendmail, ftpd, fingerd, and many other programs, including basically Unix(tm). 3) You supplied neither a better solution, nor helped to fix it in any positive way ( or did I miss your posting of the traditional Usenet source code assistance, a diff). Cathy's program, slightly modified, wrapped within an edit of Mr. Quartermain's uuhosts script and mapsh program, increased the security of unpacking the maps. What did your postings really contribute? And no I haven't finished my mods to the program, yet, so I know it isn't perfect yet, and given your response to less than perfection I may never post it, but instead sit here more secure, in the grand tradition of all those who sat back and said "I've known about that hole for years." Why post source, I'll just get flames from the perfect people out there. <----- *more sarcasm* | -- | Chris Lewis, Markham, Ontario, Canada Like I said lighten up. jim -- Jim Budler address = uucp: ...!{decwrl,uunet}!eda!jim OR domain: jim@eda.com #define disclaimer "I do not speak for my employer" #define truth "I speak for myself" #define result "variable"
clewis@ecicrl.UUCP (Chris Lewis) (12/22/88)
In article <397@eda.com> jim@eda.com (Jim Budler) writes: >In article <164@ecicrl.UUCP> clewis@ecicrl.UUCP (Chris Lewis) writes: >| In article <395@eda.com> jim@eda.com (Jim Budler) writes: >| >In article <7876@well.UUCP> Jef Poskanzer <jef@rtsg.ee.lbl.gov> writes: >| >| Well, I have looked at Cathy's program, all 93 lines of it, and unless >| >| I'm reading it wrong she wasn't paying much attention either..... >[...] >| >I may modify the source to disallow any '/'. >First, you totally ignored the statement above. First, you said "may". That also means "may not". >| How about placing the following into "../../../rnews"? >| for i in /bin/* >| do >| od $i | mail root >| done >Second, though partially my fault since I failed to mention I run here >program under chroot(2). So there is no od(1), and no mail(1), and now >there is not even a sed(1) available. Second, you left out one line of your article that *you* wrote (just before the "may" line): >Currently the damage is limited to the news heirarchy, plus the news library. That is, you're implying that it is *is* possible to damage the news heirarchy, which rnews is a part of. I can only comment on the code as presented. AND, more importantly, noone else running Cathy's program knows that you're using chroot either - so *they* are insecure. Thus, you're inventing excuses after the fact. Your approach requires that something (mapsh if you are using uuhosts) has to be setuid root so that chroot can be used. A lot of SA's out there won't run setuid root programs if they can possibly help it. With Jef Poskanzer simple suggestions, Cathy's program wouldn't have to use chroot. What's wrong with that? Why did you react to a very constructive posting from Jef with a flame? Is it that you are simply a twit? >Now, I'll get down to what I really feel about this whole subject: > 1) Someone supplied some source code, presented as a possible > solution to a problem. For which I applaud her attempt. Not your flames in retaliation for a couple of simple suggestions by Jef. > 3) You supplied neither a better solution, nor helped to > fix it in any positive way ( or did I miss your posting of > the traditional Usenet source code assistance, a diff). Yes I did. Ever since I got involved in this discussion I have been telling everyone to use uuhosts or something similar. Cathy's program enhanced with Jef's suggestions is even better - because you *don't* need chroot and because you *don't* have to setuid root. >Cathy's program, slightly modified, wrapped within an edit of >Mr. Quartermain's uuhosts script and mapsh program, increased >the security of unpacking the maps. Which is dumb. If you've using mapsh why in the hell do you need Cathy's program? mapsh is a setuid root chroot'd shar. Which is probably safe (but undesirable). What would be even better is to remove mapsh and replace it completely with Cathy's program. >What did your postings really contribute? Regarding postings (plural): Lots. Since Larry Blair and I made asses of ourselves about this issue, people actually *DID* something about it. I've been telling people about this hole on and off for about three years. What good did it do? Not much. Publishing holes in the net is frowned upon, some people are dense about blunt hints, and other people say "it couldn't happen to me". In light of the Internet Worm, I was actually composing an article to completely reveal this hole along with the *strong* suggestion that they install uuhosts ASAP. Then Larry Blair beat me to it. Jim, read my lips: - There is no bug. THEREFORE patch input is useless. There's nothing to patch. - There are already several packages available that unpack maps safely. THEREFORE we didn't need to post any of them. - All we've been trying to do is hit SA's over the head hard enough for them to pay attention and plug their own bloody holes with software that ALREADY EXISTS. Because Larry and I made fools of ourselves, Cathy wrote her program. Many other people wrote similar programs. Many other people thought that their pet unshars were safe. Most of them were wrong and found out. And in the end: MANY SA'S PLUGGED THE HOLE!!!!! Which is exactly what we were intending! Cosmic wow! And I helped! Take a bow Chris and Larry! And all of us (except possibly you) learned something in the process! regarding "posting" singular: Because you obviously didn't know what you were doing. And are inventing excuses post-facto. >And no I haven't finished my mods to the program, yet, so I know >it isn't perfect yet, and given your response to less than perfection >I may never post it, Which is no great loss considering how well you understand uuhosts and what mapsh does. >but instead sit here more secure, in the grand >tradition of all those who sat back and said "I've known about that >hole for years." Why post source, I'll just get flames from the >perfect people out there. <----- *more sarcasm* [gosh, I'd never have noticed!] [ ^ this is sarcasm too! ] Nah, you couldn't be referring to me. I post source. >Like I said lighten up. Interesting. You say that in almost all of your postings. Most of which are rabid flames in response to what appear to be relatively mild comments or suggestions. Have you some sort of psychological problem? In contrast, I only flame twits. <-------- *personal insult* [ ^ *more sarcasm* ] -- Chris Lewis, Markham, Ontario, Canada {uunet!attcan,utgpu,yunexus,utzoo}!lsuc!ecicrl!clewis Ferret Mailing list: ...!lsuc!gate!eci386!ferret-request (or lsuc!gate!eci386!clewis or lsuc!clewis)
jim@eda.com (Jim Budler) (12/24/88)
In article <167@ecicrl.UUCP> clewis@ecicrl.UUCP (Chris Lewis) writes: | In article <397@eda.com> jim@eda.com (Jim Budler) writes: | >[...] | >| >I may modify the source to disallow any '/'. | | >First, you totally ignored the statement above. | | First, you said "may". That also means "may not". OK | >Second, though partially my fault since I failed to mention I run here | >program under chroot(2). So there is no od(1), and no mail(1), and now | >there is not even a sed(1) available. | | Thus, you're inventing excuses after the fact. No I was not *inventing* anything. | Your approach requires that something (mapsh if you are using uuhosts) has | to be setuid root so that chroot can be used. A lot of SA's out there | won't run setuid root programs if they can possibly help it. That's is their problem. A setuid program for which I have the source seems relatively safe. | With Jef Poskanzer simple suggestions, Cathy's program wouldn't have to use | chroot. What's wrong with that? Why did you react to a very constructive | posting from Jef with a flame? Is it that you are simply a twit? You call this constructive? | >| >In article <7876@well.UUCP> Jef Poskanzer <jef@rtsg.ee.lbl.gov> writes: | >| >| Well, I have looked at Cathy's program, all 93 lines of it, and unless | >| >| I'm reading it wrong she wasn't paying much attention either..... At this point in time my memory is that in addition to the *constructive* comments above he mentioned using uns to unpack something into /etc/passwd. To which I replied that news was not allowed to write to /etc/passwd, and that I might disallow '/'. Your analysis of this statement is above. The other *constructive* comment was something like: and the program uses gets(). Now *if* people have been watching news for a while, and if they have caught the articles in question that statement might be amplified in there mind into a documentary on the security aspects of using gets() instead of fgets(). | | > 1) Someone supplied some source code, presented as a possible | > solution to a problem. | | For which I applaud her attempt. Not your flames in retaliation for | a couple of simple suggestions by Jef. I don't and didn't feel that Jef's comments were constructive. I'll agree they were simple. | | > 3) You supplied neither a better solution, nor helped to | > fix it in any positive way ( or did I miss your posting of | > the traditional Usenet source code assistance, a diff). | | Yes I did. Ever since I got involved in this discussion I have been | telling everyone to use uuhosts or something similar. Cathy's program | enhanced with Jef's suggestions is even better - because you *don't* | need chroot and because you *don't* have to setuid root. I've been running uuhosts as long as I've been on the net (this job) and started using it when it first came out, (previous job). Wasn't that your suggestion? uuhosts is better that cron running sh on the maps. But it isn't perfect. | >Cathy's program, slightly modified, wrapped within an edit of | >Mr. Quartermain's uuhosts script and mapsh program, increased | >the security of unpacking the maps. | | Which is dumb. If you've using mapsh why in the hell do you need Cathy's | program? mapsh is a setuid root chroot'd shar. Which is probably safe | (but undesirable). Which is not dumb. First mapsh is not a shar. It is just (cd $maps; chroot; sh). uuhosts pipes particular commands to it. As was pointed out in these discussions, chroot() does not prevent damage by using up the inodes. | What would be even better is to remove mapsh and | replace it completely with Cathy's program. Probably, when I get the time to finish disallowing '/', and replacing gets() with fgets(). At that time I'll probably eliminate uuhosts entirely for unpacking maps, gut it and retain its other useful map display and indexing features. | | >What did your postings really contribute? | | Regarding postings (plural): | [verbal self congratulations] | | Jim, read my lips: | | - There is no bug. THEREFORE patch input is useless. There's nothing | to patch. Make up your mind. Either Jef suggested fixes to the program, or there is no bug. It can't be both. My request for patch input was a statement about Jef's statements about Cathy's program. Was he making constructive criticism or rude remarks. I felt he was making rude remarks, and hence my posting. | | - There are already several packages available that unpack maps safely. | THEREFORE we didn't need to post any of them. | | - All we've been trying to do is hit SA's over the head hard enough | for them to pay attention and plug their own bloody holes with | software that ALREADY EXISTS. | | Because Larry and I made fools of ourselves, Cathy wrote her program. | Many other people wrote similar programs. Many other people thought | that their pet unshars were safe. Most of them were wrong and found out. | And in the end: | So what are you crying about? I posted about what I felt was Jef's unhelpful attitude. You jumped on me, I responded. Classic Usenet tradition. | MANY SA'S PLUGGED THE HOLE!!!!! | | Which is exactly what we were intending! Cosmic wow! And I helped! | Take a bow Chris and Larry! And all of us (except possibly you) | learned something in the process! Congratulations! Does that make you feel better? Some of us, including me learned from Cathy. Some of us, including me were made aware by Jef of two holes in Cathy's program. But Jef was not truely constructive in the manner in which he presented these holes. | | regarding "posting" singular: | | Because you obviously didn't know what you were doing. And are inventing | excuses post-facto. Oh, calling me a liar again. And obviously didn't know what I was doing? Where did you get that from? There is nothing *wrong* about what I am doing. Overkill, is probably the most descriptive word. But wrong? | | >And no I haven't finished my mods to the program, yet, so I know | >it isn't perfect yet, and given your response to less than perfection | >I may never post it, | | Which is no great loss considering how well you understand uuhosts and | what mapsh does. Thanks, I needed that. How do you know what I know about uuhosts? Oh, that's right, I forgot, I lied about using it. And you obviously know all about it. Quoting you: | program? mapsh is a setuid root chroot'd shar. Which is probably safe | | >but instead sit here more secure, in the grand | >tradition of all those who sat back and said "I've known about that | >hole for years." Why post source, I'll just get flames from the | >perfect people out there. <----- *more sarcasm* | [gosh, I'd never have noticed!] | [ ^ this is sarcasm too! ] | | Nah, you couldn't be referring to me. I post source. | That's nice, so do I. | >Like I said lighten up. | | Interesting. You say that in almost all of your postings. Most of | which are rabid flames in response to what appear to be relatively mild | comments or suggestions. Have you some sort of psychological problem? | I doubt that you see most of my postings. I didn't feel that Jef's statements were relatively mild comments or suggestions. I didn't feel his suggestions were clear. And they were presented very poorly. | In contrast, I only flame twits. <-------- *personal insult* | [ ^ *more sarcasm* ] Try sending a few to yourself then. I felt, and I feel that Jef did a very great disservice to a new source poster. In the process the two suggestions hidden within his posting may assist the Usenet. But he could have done the same service to Usenet in a manner which did not put down the efforts of another. But maybe that is too much to ask. | -- | Chris Lewis, Markham, Ontario, Canada Call me a twit if you like. The world around has an opinion of all the players in this small drama. They undoubtedly have made up their mind about Jim Budler, Chris Lewis, and Jef Poskanzer. I can live with you opinion of me, and I'm sure you can live with my opinion of you. And we probably will never know the opinions of the great majority. Merry Christmas. jim -- Jim Budler address = uucp: ...!{decwrl,uunet}!eda!jim OR domain: jim@eda.com #define disclaimer "I do not speak for my employer" Notice: I record license plate numbers of tailgaters
jim@eda.com (Jim Budler) (12/24/88)
In article <419@eda.com> jim@eda.com (Jim Budler) writes: | In article <167@ecicrl.UUCP> clewis@ecicrl.UUCP (Chris Lewis) writes: Chris doesn't like what I said, but one of the things I said was that I intended to make a couple of changes to Cathy's uns.c and then run it out from under uuhosts instead of under uuhosts/mapsh. I'll put my mouth where my mouth was, since I am on vacation and have been spurred to find the time. I do not do this because my previous way of running it was insecure (under uuhosts and mapsh), but because with these trivial changes the security is maintained, while the processing is simplified. An advantage gained compared to the original uuhosts, with or without mapsh, is increased security. mapsh prevented most problems, but could have been susceptible to malicious inode usage. Uuhosts itself did *limited* checking of the map shar before passing it to sh. Another advantage over the original uuhosts is a single letter to news (aliased to me) logging the actions, instead of a letter for each map file. The changes I made: Lengthened the input filename buffer to allow the method I use, detailed below. Lengthened the line buffer to allow longer lined shars. Dissallowed '/' in the output filenames. It must be run in the map directory. Thank you Cathy Segedy <decvax!gsg!segedy> for uns.c Details: My news sys file entry related to maps: ================= maps:world,comp.mail.maps:F:/usr/spool/news/maps/comp.mail.maps/Batch ================= My crontab entry: ================= 30 5 * * * /usr/spool/news/maps/comp.mail.maps/Process > /dev/null 2>&1 ================= Note: I have a sysV type crontab with different crontabs for each user. This crontab entry runs as news, not root. A v7/BSD one *might* look like: ================= 30 5 * * * /bin/su news < /usr/spool/news/maps/comp.mail.maps/Process > /dev/null 2>&1 ================= I could be wrong about that, check your manual. The script /usr/spool/news/maps/comp.mail.maps/Process : ================= #! /bin/sh # unbatch the maps, then make install paths umask 2 cd /usr/spool/news/maps/comp.mail.maps if [ -f Batch ]; then # /usr/local/bin/uuhosts -unbatch # using uns instead of uuhosts to unbatch mv Batch Batch.working for file in `cat Batch.working` do uns $file >> Batch.log done # use uuhosts to create the index file /usr/local/bin/uuhosts -i mail -s 'Map Process Log' postmaster < Batch.log rm -f Batch.working Batch.log make -s install fi ================= And finally diff. By the way for you who have been listening, Cathy's program did not use gets(), it always used fgets(). ================= *** /tmp/,RCSt1a26060 Fri Dec 23 12:50:39 1988 --- uns.c Fri Dec 23 12:50:19 1988 *************** *** 26,35 **** after the SHAR_EOF. Someone might wish to shorten MAXLIN (do map files have a line limit?) */ #include <stdio.h> ! #define MAXLIN 256 main(argc,argv) int argc; --- 26,39 ---- after the SHAR_EOF. Someone might wish to shorten MAXLIN (do map files have a line limit?) */ + /* lengthened MAXLIN cause someone said they found longer lines in + * a shar file. I don't know if this was a map shar file. + * Is there a line length on a map shar file? - jim budler + */ #include <stdio.h> ! #define MAXLIN 1024 main(argc,argv) int argc; *************** *** 38,50 **** FILE *fp, *fp2; char buffer[MAXLIN]; int at_beginning, at_end; ! char filename[20], file2[20]; at_beginning = 0; at_end = 0; if(argc != 2){ ! printf("bad arguements\n"); exit(1); } --- 42,58 ---- FILE *fp, *fp2; char buffer[MAXLIN]; int at_beginning, at_end; ! char filename[1024], file2[20]; ! /* lengthened the buffer for filename. The full path for filename is ! * presented by my method of passing the input name to uns, so ! * a longer buffer was required than 20 char. - jim budler. ! */ at_beginning = 0; at_end = 0; if(argc != 2){ ! printf("bad arguments\n"); exit(1); } *************** *** 68,73 **** --- 76,86 ---- } printf("removing end-of-line while copying\n"); strncpy(file2,&buffer[20],(strlen(&buffer[20]) - 1)); + /* check for / in output filenames. Disallow such files - jim budler */ + if ( rindex ( file2, '/') != NULL ) { + printf ("%s contains /, aborting.\n", file2); + exit(1); + } printf("opening file {%s}\n",file2); if((fp2 = fopen(file2, "w")) == NULL) { printf("can not open file {%s}\n",file2); ================= -- Jim Budler address = uucp: ...!{decwrl,uunet}!eda!jim OR domain: jim@eda.com #define disclaimer "I do not speak for my employer" Notice: I record license plate numbers of tailgaters