mail2news for only 1 newsgroup
Forrest J. Cavalier III
mibsoft at epix.net
Tue Jul 18 21:02:00 UTC 2000
> Thanks for the info Scott. I went ahead and just created a script
> (don't laugh at my scripting abilities) that sends mail to a mailing
> list and also to mailpost. Gets the job done.
Yikes! What a security problem waiting to happen.
But it isn't hard to write better shell scripts in terms of
security, as long as you know the issues.
First: Stop symlink attacks.
Create an owned temporary directory, that only
the shell user can write to.
This stops someone from being able to create a
symlink to a file they want truncated.
Second: Consider that more than one message may be in
processing at a time. So append the PID to the
temp filenames to handle that case. Generally
the PID is available in the shell as $$.
It will only take you a few minutes to make these
adaptations and test them. Post it back to the list
when you are done, since someone else may be interested
in what you are doing. Thanks for posting.
Forrest J. Cavalier III, Mib Software, INN customization and
consulting 'Pay-as-you-go' commercial support for INN: Only $64/hour!
Searchable hypertext INN docs, FAQ, RFCs, etc: 650+ pages:
http://www.mibsoftware.com/innsup.htm
More information about the inn-workers
mailing list