rnews assumes it can safely rename spooled tmp files

Russ Allbery rra at stanford.edu
Sat Feb 26 07:28:26 UTC 2000

Joe St Sauver <JOE at OREGON.UOREGON.EDU> writes:

> After a period when our reader box was down, upon coming back up
> rnews attempted to rename files from /news/tmp to 
> /var/spool/news/incoming, however, as implemented that involves
> a cross-device link and fails. E.G.:

> Feb 25 08:41:18 pith rnews: cant rename /news/tmp/38b6b0adFAaq9P 
> to /var/spool/news/incoming/38b6b0aeGAaq9P Cross-device link

I'd like to see this fixed too; in the meantime, it's documented in
inn.conf(5) (which isn't the most obvious place to look for it, I know).

         Where INN puts temporary files.  For security reasons, this is
         not the same as the system temporary files directory (INN creates
         a lot of temporary files with predictable names and does not go
         to particularly great lengths to protect against symlink attacks
         and the like; this is safe provided that normal users can't write
         into its temporary directory).  It must be on the same partition
         as pathincoming for rnews(1) to work correctly.  The default
         value is set at configure time and defaults to pathnews/tmp.

> I'd suggest modifying that behavior to either do a copy instead of a
> hard link by default, or to at least test for a cross-device disk
> layout, and only do hard links when safe.

I think the best way of handling this is for rnews to just have its own
tmp directory in pathincoming, like the existing "bad" directory.

Russ Allbery (rra at stanford.edu)         <URL:http://www.eyrie.org/~eagle/>

More information about the inn-workers mailing list