older 2.3 INN ... bug in readers.conf/nnrp?
The Hermit Hacker
scrappy at hub.org
Tue Jun 6 12:06:30 UTC 2000
Can anyone tell me if there was a security bug, maybe, in an older nnrpd
along the 2.3 strain? Or, did I screw up this very simple looking
readers.conf ... I *thought* I had it set so that anyone that had a
userid/passwd *or* was on the local campus, could connect and everyone
else was denied by default. Yet, I just found out, this has opened me up
to anyone reading *and* posting news on our server :(
## $Revision: 1.1 $
## readers.conf -- access file for NNTP readers.
auth "default" {
# allow authenticated users to read/post everywhere
hosts: "*"
default: "local-user at acadiau.ca"
auth: "radius -f /news/admin/etc/radius.conf"
default-domain: "acadiau.ca"
}
auth "default" {
hosts: "*.acadiau.ca,131.162.*"
default: "local-user at acadiau.ca"
}
# ordinary users
access "default" {
# users can read/post to all but our internal newsgroups.
users: "*"
newsgroups: "*"
access: "Read Post"
}
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy at hub.org secondary: scrappy@{freebsd|postgresql}.org
More information about the inn-workers
mailing list