innd 2.2.2 remote buffer overflow

Russ Allbery rra at stanford.edu
Tue Jun 6 21:00:05 UTC 2000


Michal Zalewski <lcamtuf at dione.ids.pl> writes:
> On 6 Jun 2000, Russ Allbery wrote:

>> Note that this code is only ever executed if the option "verifycancels"
>> is enabled in inn.conf.  This is *not* the default, and has been
>> recommended against for some time now since it really doesn't do any
>> real good.

> It is enabled by default in RH,

That's a bug in Red Hat's configuration in my opinion as one of the
maintainers of INN.

> and usually is enabled on live innd sites.

Not by anyone who follows the advice of the documentation.

I'll repeat:  As one of the maintainers of INN, I strongly recommend that
people not use verifycancels; it serves no useful purpose, the behavior
that it enables is disallowed by the latest draft of the Usenet article
format standard, and it's likely to go away completely in INN 2.4.

I've not had it turned on on any of my servers for years now.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
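
Added example, not part of the original message or of INN itself: a shell function that audits an inn.conf for the verifycancels setting recommended against above. It assumes "parameter: value" lines, "#" comments, and true/yes/on as the enabling values; check inn.conf(5) for your INN version.

```shell
#!/bin/sh
# Added example (not from the original message or the INN sources).
# Assumptions: inn.conf lines look like "parameter: value", "#" starts a
# comment, and the values true/yes/on enable a boolean parameter.

# Exit status: 0 if any line enables verifycancels (each hit is printed),
#              1 if the parameter is absent or disabled everywhere,
#              2 if the file cannot be read.
verifycancels_enabled() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v file="$1" '
        { sub(/#.*/, "") }                      # strip comments first
        /^[ \t]*verifycancels[ \t]*:/ {
            val = $0
            sub(/^[^:]*:[ \t]*/, "", val)       # keep the text after the colon
            sub(/[ \t]+$/, "", val)             # trim trailing whitespace
            gsub(/"/, "", val)                  # tolerate a quoted value
            if (val == "true" || val == "yes" || val == "on") {
                printf "%s line %d: verifycancels is enabled (%s)\n", file, NR, val
                hit = 1
            }
        }
        END { exit(hit ? 0 : 1) }               # report every hit, then the status
    ' "$1"
}
```

Call it as verifycancels_enabled followed by the path to the inn.conf your innd actually reads; a commented-out line is not reported.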


