older 2.3 INN ... bug in readers.conf/nnrp?

The Hermit Hacker scrappy at hub.org
Tue Jun 6 12:06:30 UTC 2000

Can anyone tell me if there was a security bug, maybe, in an older nnrpd
along the 2.3 strain?  Or, did I screw up this very simple looking
readers.conf ... I *thought* I had it set so that anyone that had a
userid/passwd *or* was on the local campus, could connect and everyone
else was denied by default.  Yet, I just found out, this has opened me up
to anyone reading *and* posting news on our server :(

##  $Revision: 1.1 $
##  readers.conf -- access file for NNTP readers.

auth "default" {
        # allow authenticated users to read/post everywhere
        hosts: "*"
        default: "local-user at acadiau.ca"
        auth: "radius -f /news/admin/etc/radius.conf"
        default-domain: "acadiau.ca"
auth "default" {
        hosts: "*.acadiau.ca,131.162.*"
        default: "local-user at acadiau.ca"
# ordinary users
access "default" {
        # users can read/post to all but our internal newsgroups.
        users: "*"
        newsgroups: "*"
        access: "Read Post"

Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org 
primary: scrappy at hub.org           secondary: scrappy@{freebsd|postgresql}.org 

More information about the inn-workers mailing list