rickert@cs.niu.edu ("Neil Rickert, N Illinois U, CS") (04/25/91)
>In article <9104222140.AA18919@mp.cs.niu.edu> you write:
>>...a way of including in the nntp_access file (or its equivalent) the
>>requirement that the call be initiated from a reserved port...
>
>The notion of "reserved ports" does not exist on a good many systems, and
>furthermore there is no agreement on precisely which ports are reserved
>even on systems that do implement it. It requires that news software on
>the other end run as root to get a reserved port. And it's useless if
>you don't trust the system on the other end, e.g. if it might be a PC
>masquerading as a host that happens to be down at the moment.
>
> Henry Spencer at U of Toronto Zoology
> henry@zoo.toronto.edu utzoo!henry

Your comments are all true. I am not convinced they are relevant.

If you are trying to restrict the news you receive by an authentication scheme, you must ask why. I can only think of two good reasons:

1. The receiving site is paranoid that it will receive offensive bogus news articles.

2. The transmitting site has some private news groups which they do not want to transmit.

It can be argued that concern (1) is spurious, since forging news articles is easy anyway. But we shall ignore that argument. If the site admin is concerned about this issue he should refuse to accept connections from sites so poorly administered that a random user can plug his PC onto the cable and masquerade as a host which is down.

For concern (2), the masquerading by a PC is of no concern, since one presumes that the sensitive data is not available on this PC anyway. If it has already reached that far, preventing its escape is impossible anyway.

Most systems have some way of controlling access to the net. On a PC there is no such control, but authentication is somewhat meaningless also. On some systems all connections have to go through a controlled interface so that preventing calls to an NNTP server is possible. Other systems, such as Unix, place no restrictions except on the use of reserved ports. It is only for these systems you would use the facility.

The main point I was making, however, was not about reserved ports. It was that authentication at the newsgroup level is best done directly at the transmitting site, and not at the receiving site. What the receiving NNTP server needs to enforce this is a way of validating the authenticity of the initiator of the connection. On Unix systems, which form the largest group of Usenet sites, the reserved port is appropriate.

The requirement that the transmitter be root to use a reserved port should not be a problem. The software would be suid root. But it would check its real uid before making a connection, and would relinquish its root privileges as soon as the connection is established.

-Neil Rickert
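As an added illustration (not part of Neil's post or of any NNTP implementation), the reserved-port mechanism he describes in C: the server-side check that the peer bound a port below 1024, and the setuid-root transmitter's bind-then-drop-privileges sequence. It assumes a Unix host where ports below IPPORT_RESERVED can only be bound by root; the function names are my own.

```c
/* Added example, not from the original post. Assumes a Unix host where
 * only root may bind ports below IPPORT_RESERVED (1024); function names
 * are the author of this example's own, not any NNTP server's API. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

/* Is a port in the reserved range on this host? */
int is_reserved_port(uint16_t port) {
    return port != 0 && port < IPPORT_RESERVED;
}

/* Receiving side: given the peer address from getpeername(), trust the
 * peer's claim to be a real (root-administered) host only if its source
 * port is reserved. Does not help against an untrusted host, as Henry notes. */
int peer_from_reserved_port(const struct sockaddr_in *peer) {
    return peer->sin_family == AF_INET && is_reserved_port(ntohs(peer->sin_port));
}

/* Transmitting side (setuid root): bind the socket to the highest free
 * reserved port, trying downward like rresvport(3). Returns the port
 * bound, or -1 with errno set (EACCES when the caller is not root). */
int bind_reserved_port(int sock) {
    struct sockaddr_in sin = {0};
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_ANY);
    for (int port = IPPORT_RESERVED - 1; port > IPPORT_RESERVED / 2; port--) {
        sin.sin_port = htons((uint16_t)port);
        if (bind(sock, (struct sockaddr *)&sin, sizeof sin) == 0)
            return port;
        if (errno != EADDRINUSE)
            return -1;          /* e.g. EACCES: not root, no reserved port */
    }
    errno = EAGAIN;
    return -1;
}

/* Relinquish root permanently once the connection is established, as the
 * post requires. Returns -1 if dropping failed or root could be regained. */
int drop_root(void) {
    uid_t real = getuid();
    if (setgid(getgid()) != 0) return -1;
    if (setuid(real) != 0) return -1;
    if (real != 0 && setuid(0) == 0) return -1;   /* fail closed */
    return 0;
}
```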