|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Security problem in C news and INN
Jeroen Scheerder (Jeroen.Scheerder
let.ruu.nl)Fri, 25 Feb 1994 08:30:15 +0100
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Henry Spencer: "Re: Security problem in C news and INN"
- Previous message: Perry E. Metzger: "News Bug"
- In reply to: Perry E. Metzger: "Re: Security problem in C news and INN"
- Next in thread: Rafi Sadowsky: "Re: Security problem in C news and INN"
At 14:20 24/2/94 -0500, Perry E. Metzger wrote:
[...]
>> there are shell scripts in Cnews and INN that pass the message to
>> ucbMail, where one can do ~ escapes.
>
>Would simply replacing with /bin/mail fix this?
Yes. But binmail doesn't handle aliases since it completely bypasses
sendmail (or so I've heard) and doesn't have the '-s' switch, which is
relied on (and useful) in news reportings.
Messages are offered as stdin to the mailer. Why not simply ditch the ~
escapes? I.e. in stead of
/bin/cat rmgroupmsg | /usr/ucb/mail -s 'rmgroup nonsense by Bozo.theClown'
just do something like
/bin/sed -e 's/^~/ESCAPE-REPLACED>/' | \
rmgroupmsg | /usr/ucb/mail -s 'rmgroup nonsense by Bozo.theClown'
In INN this can be easily done - by setting the mailer in the configuration
file. In Cnews, it's a bit harder - you'll have to go through the
configuration scripts etc. all over again. And you'll have to pay
attention, and maybe write a wrapper (i.e. /usr/local/lib/news/mail) to do
what you want.
Cheers, Jeroen.
- Next message: Henry Spencer: "Re: Security problem in C news and INN"
- Previous message: Perry E. Metzger: "News Bug"
- In reply to: Perry E. Metzger: "Re: Security problem in C news and INN"
- Next in thread: Rafi Sadowsky: "Re: Security problem in C news and INN"