[INN-COMMITTERS] STABLE-2_3 inn/innfeed (misc.c)

Forrest J. Cavalier III mibsoft at epix.net
Fri Jun 30 05:39:40 UTC 2000

I wrote:

> Untrusted non-user-news data can get into many places in innd
> and innfeed (which are setuid programs) through the configuration
> file, which can be changed via an environment variable.

That statement was not precise enough....I'll try again, even
though it is quite late....

If the SUID programs inndstart and startinnfeed are executable by
users other than the news user, malicious users may be able
to get untrusted data into many places in innd and innfeed by
using an environment variable to change the configuration file
(which is read at startup.)

As INN generally does not thoroughly check its configuration data,
it may be possible to perform arbitrary tasks as the news user
under these conditions.

Make sure your inndstart and startinnfeed have appropriate
permissions and ownerships to prevent problems.
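
One way to run the permission check recommended above (an added example, not part of the original post or of INN's own tooling). The function name `audit_suid_helper` and its return codes are assumptions made for this example; pass the real paths of inndstart and startinnfeed for your installation.

```shell
#!/bin/sh
# Added example: flag setuid/setgid helpers that users outside the
# intended account can execute. Function name and return codes are
# assumptions made for this example.
#
# Return codes: 0 = no exposure found, 1 = executable by "other",
#               2 = file missing,     3 = executable by group (review members)

audit_suid_helper() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "MISSING  $f"
        return 2
    fi
    # -H: follow a symlink given on the command line, so the real binary is tested.
    # -perm -MODE: true when all bits in MODE are set.
    if [ -z "$(find -H "$f" \( -perm -4000 -o -perm -2000 \) -print)" ]; then
        echo "OK       $f (not setuid/setgid)"
        return 0
    fi
    if [ -n "$(find -H "$f" -perm -0001 -print)" ]; then
        echo "EXPOSED  $f (setuid/setgid and executable by any local user)"
        return 1
    fi
    if [ -n "$(find -H "$f" -perm -0010 -print)" ]; then
        echo "REVIEW   $f (setuid/setgid and group-executable; check group membership)"
        return 3
    fi
    echo "OK       $f (setuid/setgid, executable by owner only)"
    return 0
}

# Usage: sh audit.sh /path/to/inndstart /path/to/startinnfeed
for f in "$@"; do
    audit_suid_helper "$f" || :
    ls -ld "$f" 2>/dev/null || :   # show owner and group for manual review
done
```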

