Broken rnews permissions

Russ Allbery rra at stanford.edu
Fri Dec 1 01:19:35 UTC 2000


Olaf Titz <olaf at bigred.inka.de> writes:

> Giving permissions based on set-GID rather than set-UID is usually the
> better choice. Of course this means that all local permissions in INN
> have to be GID-based (e.g. the UNIX socket, the temp directories, etc.
> all have to be 770 or 660).

I'm pretty sure they are, unless you set the umask to 022 with another
configure option.

> IIRC that is also the traditional setting for inews and rnews in older
> versions of INN.

I'm pretty sure I didn't change the permissions on rnews when I made those
changes a while back and that it had historically been setuid and not
setgid, but I could have made a mistake.

Hm.  Patches welcome if anyone who uses UUCP wants to take a stab at
fixing this, or I'll try to look at it when I get a chance.  It should be
a pretty simple change; I'm just a bit swamped at the moment.

>> -r-xr-s---    1 uucp     news       325316 Jan  5  1999 rnews*
>> 
>> However this will break on systems where uuxqt is run setgid uucp,
>> and according to Murphy such systems exist.

> Only if uuxqt is run setgid uucp but under a UID other than uucp, and
> I don't think this is ever the case (it's invoked either from uucp's
> crontab or from uucico, and that has to be setuid uucp).

Sounds like we can just switch to setgid, then.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the inn-workers mailing list