ant@brolga.cc.uq.oz.au (Anthony Murdoch) (07/24/90)
Greetings nntp/cnews administrators everywhere,
I'd like to take you if I may, ...... , on a strange journey. This is the
story of "The Phantom 'chown'er."
It all started a couple of weeks ago, when I changed from nntp 1.5.5 to
1.5.9 . After some initial teething problems, everything appeared to be
working happily. And then it happened.
A seemingly random file (actually a directory) was being chowned to news.news
at apparently random intervals. After some investigation, we found that the
Phantom was working in close cahoots (sp?) with the nntpd. Everytime that
nntpd was started by inetd, the file was being chowned, not just once, but
quite often as when we chowned the file back, it would chown it again to
news.news before we could even look at it.
I hear you ask, "What was the files name ?" Well here it gets eveen weirder.
The directory was initially "/usr/local/src/cops", but even when we changed
the the name of the directory, it was still coming under attack from the
Phantom. So it seemed that the Phantom was working on an i-node that
something was giving it.
At first we put it off as a not terribly important problem, just an irritating
one, but then on Friday we found that it had changed its prey to the root
directory. After a little bit of looking around today we think we have found
out the Phantom's terrible secret.
When we ran "trace -p" on the nntpd process as it ran, we noticed that it was
making calls to chown with an empty string. From there it wasn't to had to
track it down to "batch.c" (there are only 2 places in the server where chown
are called from). Below I have included a quick patch until it is included
into a future patch level.
BTW, has anyone else noticed this strange behavior ? It seems a weird thing
for chown to do when given an empty string.
ant
root-[brolga] diff -c batch.c batch.c.old
*** batch.c Tue Jul 24 16:42:23 1990
--- batch.c.old Thu Jul 5 17:29:11 1990
***************
*** 88,95 ****
if (!cpstdin(cont_code, err_code, errbuf)) /* may create tempfile */
return 0;
#ifdef POSTER
! if (tempfile[0])
! (void) chown(tempfile, uid_poster, gid_poster);
#endif
status = appbatch();
if (tempfile[0] != '\0')
--- 88,94 ----
if (!cpstdin(cont_code, err_code, errbuf)) /* may create tempfile */
return 0;
#ifdef POSTER
! (void) chown(tempfile, uid_poster, gid_poster);
#endif
status = appbatch();
if (tempfile[0] != '\0')
--
V ant "It's great to be young and insane"
\o/ ant@brolga.cc.uq.oz.au - Dream Team
-O- Anthony Murdoch Prentice Computer Centre
/0\ Phone (07) 3774078 University of QldMakey@Logicon.COM (Jeff Makey) (07/24/90)
On UNIX 4.2 BSD, at least, chown() on a zero-length file name changes
the ownership of the current directory. This is easy to demonstrate.
:: Jeff Makey
Department of Tautological Pleonasms and Superfluous Redundancies Department
Disclaimer: All opinions are strictly those of the author.
Internet: Makey@Logicon.COM UUCP: {nosc,ucsd}!logicon.com!Makeyant@brolga.cc.uq.oz.au (Anthony Murdoch) (07/26/90)
Makey@Logicon.COM (Jeff Makey) writes: >On UNIX 4.2 BSD, at least, chown() on a zero-length file name changes >the ownership of the current directory. This is easy to demonstrate. I have been told this. I would be prepared to believe it for SunOS 4.1 except that I cannot work out what nntpd was doing in the directory /usr/local/src/cops Also, why did it change this to /usr/local/src/cops when we changed the name (I suppose we may have moved it while nntpd was actually running ?) It's a fun one in any case. ant -- V ant "It's great to be young and insane" \o/ ant@brolga.cc.uq.oz.au - Dream Team -O- Anthony Murdoch Prentice Computer Centre /0\ Phone (07) 3774078 University of Qld
marc@uni-paderborn.de (Marc Gumbold) (08/03/90)
ant@brolga.cc.uq.oz.au (Anthony Murdoch) writes: >Greetings nntp/cnews administrators everywhere, >I'd like to take you if I may, ...... , on a strange journey. This is the >story of "The Phantom 'chown'er." >It all started a couple of weeks ago, when I changed from nntp 1.5.5 to >1.5.9 . After some initial teething problems, everything appeared to be >working happily. And then it happened. >A seemingly random file (actually a directory) was being chowned to news.news >at apparently random intervals. After some investigation, we found that the >Phantom was working in close cahoots (sp?) with the nntpd. Everytime that [most interesting story deleted] >BTW, has anyone else noticed this strange behavior ? It seems a weird thing >for chown to do when given an empty string. God! It happens to our root directory and did happen to some of the dir's under /. Who knows which other directories may be affected... I don't dare looking it up... but root is annoying enough anyway. I've had no idea so far. I examined my C-News software, but with no obvious success. Next candidate would have been nntp, of course. We're running 1.5.8. Boy, am I glad I'm not the only one with that problem in the world. I'll try your patch. Thank you very very much for posting. Marc -- Marc Gumbold EMail: marc@uni-paderborn.de Phone: +49 5251 60 3803 Snail: Uni-GH Paderborn, FB17i, 4790 Paderborn, W. Germany