COPS security audit and the unix pc.

Chris Lewis clewis at ferret.ocunix.on.ca
Thu Apr 4 06:12:14 AEST 1991


In article <563 at iczer-1.UUCP> emm at iczer-1.UUCP (Edward M. Markowski) writes:
>In article <1991Mar26.225255.6048 at ferret.ocunix.on.ca> clewis at ferret.ocunix.on.ca (Chris Lewis) writes:
>>>chmod o-w ... /usr/spool/news

>>Unless you're using C-news, you just broke your news system.  Aha, you
>>ARE using C-news (/usr/lib/newsbin).  Consider this a warning to anybody
>>else reading this article - if you're running B-news, do NOT make /usr/spool/news
>>or /usr/lib/news anything other than 777.  Sigh...

>In one of the header files in the news distribution(sp?) there is a
>constant that will allow the lib and spool directories to be set to
>755, the articles to be created 644 and the spool dirs 755.  I do not
>remember which header and constant but it is documented there or in the
>Nutshell book Managing UUCP and USENET.

It's in the defs.h for B news.  However, it won't work on System V systems
because of the way setuid/setgid programs, setuid()/setgid() and mkdir
work.  (as in, if a setuid program calls mkdir, the directory ends up
being owned by the real user not the effective, rnews can't write
into it, and there's no "elegant" way around it in System V)  Which is why
C-news goes to all of the kludgey junk for the "setnewsids" program which
runs as setuid root to run relaynews properly.

Bnews has no such kludge, though you could retrofit setnewsids if you wanted.
-- 
Chris Lewis,
clewis at ferret.ocunix.on.ca or ...uunet!mitel!cunews!latour!ecicrl!clewis
Psroff support: psroff-request at eci386.uucp, or call 613-832-0541 (Canada)
**** somebody's mailer is appending .bitnet to my From: address.  If you
see this, please use the address in the signature, and send me a copy
of the headers of the mail message with the .bitnet return address.  Thanks!
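
An added example, not part of the original post or of COPS, B-news or C-news: a COPS-style check in C that classifies a spool directory as world-writable (the 777 case), writable by a given effective uid/gid through its owner or group bits, or neither, which is the state the post describes when a mode-755 directory ends up owned by the real user. The function names, the `auditdemo` directory name and the use of the mkdir() system call are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum verdict { DIR_OK, DIR_WORLD_WRITABLE, DIR_NOT_WRITABLE, DIR_ERROR };

/* Can a process with effective ids (uid, gid) create files in path without
 * relying on "other" write permission?  Superuser override and supplementary
 * groups are not modelled (assumption of this example). */
enum verdict audit_dir(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;

    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return DIR_ERROR;
    if (st.st_mode & S_IWOTH)
        return DIR_WORLD_WRITABLE;   /* what an audit flags on a 777 spool */
    if (st.st_uid == uid)            /* owner bits apply, nothing else */
        return (st.st_mode & (S_IWUSR | S_IXUSR)) == (S_IWUSR | S_IXUSR)
                   ? DIR_OK : DIR_NOT_WRITABLE;
    if (st.st_gid == gid)
        return (st.st_mode & (S_IWGRP | S_IXGRP)) == (S_IWGRP | S_IXGRP)
                   ? DIR_OK : DIR_NOT_WRITABLE;
    return DIR_NOT_WRITABLE;         /* 755 dir owned by a different user */
}

/* Create parent/auditdemo.<pid> (constructed name), force its mode past the
 * umask, audit it for (uid, gid), then remove it again. */
enum verdict make_and_audit(const char *parent, mode_t mode, uid_t uid, gid_t gid)
{
    char path[4096];
    enum verdict v;

    snprintf(path, sizeof path, "%s/auditdemo.%ld", parent, (long)getpid());
    if (mkdir(path, 0700) != 0)
        return DIR_ERROR;
    v = chmod(path, mode) == 0 ? audit_dir(path, uid, gid) : DIR_ERROR;
    rmdir(path);
    return v;
}

int main(void)
{
    printf("755, own euid:   %d\n", make_and_audit("/tmp", 0755, geteuid(), getegid()));
    printf("755, other uid:  %d\n", make_and_audit("/tmp", 0755, geteuid() + 1, getegid() + 1));
    printf("777, other uid:  %d\n", make_and_audit("/tmp", 0777, geteuid() + 1, getegid() + 1));
    return 0;
}
```

Auditing with a uid other than the directory's owner stands in for the situation in the post, where the directory's owner and the news program's effective uid differ.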
