Broken rnews permissions
rra at stanford.edu
Fri Dec 1 01:19:35 UTC 2000
Olaf Titz <olaf at bigred.inka.de> writes:
> Giving permissions based on set-GID rather than set-UID is usually the
> better choice. Of course this means that all local permissions in INN
> have to be GID-based (e.g. the UNIX socket, the temp directories, etc.
> all have to be 770 or 660).
I'm pretty sure they are, unless you set the umask to 022 with another
> IIRC that is also the traditional setting for inews and rnews in older
> versions of INN.
I'm pretty sure I didn't change the permissions on rnews when I made those
changes a while back and that it had historically been setuid and not
setgid, but I could have made a mistake.
Hm. Patches welcome if anyone who uses UUCP wants to take a stab at
fixing this, or I'll try to look at it when I get a chance. It should be
a pretty simple change; I'm just a bit swamped at the moment.
>> -r-xr-s--- 1 uucp news 325316 Jan 5 1999 rnews*
>> However this will break on systems where uuxqt is run setgid uucp,
>> and according to Murphy such systems exist.
> Only if uuxqt is run setgid uucp but under a UID other than uucp, and
> I don't think this is ever the case (it's invoked either from uucp's
> crontab or from uucico, and that has to be setuid uucp).
Sounds like we can just switch to setgid, then.
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the inn-workers