Broken rnews permissions

Miquel van Smoorenburg list-inn-workers at news.cistron.nl
Thu Nov 30 14:24:44 UTC 2000


In article <ylitp560r5.fsf at windlord.stanford.edu>,
Russ Allbery  <rra at stanford.edu> wrote:
>
>Christopher Splinter <chris at splinter.inka.de> writes:
>> * Russ Allbery <rra at stanford.edu>:
>
>>> If you configured and installed with --enable-uucp-rnews, rnews
>>> should have been installed with 4550 permissions, owned by news
>>> and with group uucp.  Is this not what happened?
>
>> Yes, the permissions were set this way, but apparently taylor
>> UUCP didn't like them. So I think they should be changed to 2550,
>> as I said in my original mail. Or is there any reason not to do
>> this?
>
>Hm.  It should work either way, but I don't understand why Taylor UUCP
>can't cope with having it 4550.  Maybe someone with UUCP experience knows?
>
>Is 2550, owned by uucp, setgid to group news a better way of doing UUCP
>rnews?  I'd prefer it if it works as well.

rnews is started by uuxqt, which is setuid uucp, but not always setgid uucp.
If it is started by cron it usually runs as group uucp, but that doesn't
have to be the case. If uucico starts it, it might not run in group
uucp either (for example, the Debian uucico program is setgid `dialout'
so that it can access the serial devices).

So on my systems rnews is indeed

-r-xr-s---    1 uucp     news       325316 Jan  5  1999 rnews*

However this will break on systems where uuxqt is run setgid uucp,
and according to Murphy such systems exist.

So `configure' probably ought to find this out - find uuxqt, see if
it's setuid uucp or setgid uucp, adjust permissions of rnews
automatically. Build in a list of defaults for major OSen.

Another option is to build this knowledge into rnews - make it setuid
news, executable by everyone, but refuse to run unless it's called
by root, news, uucp, someone in group uucp, or someone in group news.
Blech... That will fail if uuxqt runs with effective user-id uucp but
real user-id something else. Forget about that.

Mike.
-- 
The From: and Reply-To: addresses are internal news2mail gateway addresses.
Reply to the list or to miquels at cistron.nl (Miquel van Smoorenburg)
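
The probe suggested in the message above, sketched as an added example (not part of the original post and not INN's configure code). The function names are hypothetical, and the mapping from uuxqt's bits to an rnews layout is one reading of the thread: uucp:news 2550 when uuxqt is setuid uucp, news:uucp 4550 when it is only setgid uucp.

```shell
#!/bin/sh
# Added example: pick rnews owner/group/mode from how uuxqt is installed.
# Usage once the functions are loaded: probe_uuxqt /path/to/uuxqt

# rnews_layout MODE OWNER GROUP
# MODE is the mode string printed by `ls -l`, e.g. -r-sr-xr-x.
# Prints "owner group mode" for rnews, or "unknown" (status 1) when
# uuxqt gains neither user uucp nor group uucp.
rnews_layout() {
    mode=$1
    owner=$2
    group=$3
    # Character 4 is the owner-execute slot, character 7 the group-execute
    # slot; s or S in either slot means the setuid / setgid bit is set.
    suid=$(printf '%s' "$mode" | cut -c4)
    sgid=$(printf '%s' "$mode" | cut -c7)
    case $suid in
        s|S)
            if [ "$owner" = uucp ]; then
                # uuxqt always has effective uid uucp, but its group is not
                # predictable: let owner uucp execute, setgid to news.
                echo "uucp news 2550"
                return 0
            fi ;;
    esac
    case $sgid in
        s|S)
            if [ "$group" = uucp ]; then
                # Only the group is guaranteed: let group uucp execute,
                # setuid to news.
                echo "news uucp 4550"
                return 0
            fi ;;
    esac
    echo "unknown"
    return 1
}

# probe_uuxqt PATH: read mode, owner and group of an installed uuxqt.
probe_uuxqt() {
    line=$(ls -ld "$1") || return 2
    # ls -l fields: mode, link count, owner, group, ...
    set -- $line
    rnews_layout "$1" "$3" "$4"
}
```

A result of "unknown" means neither layout can be assumed to work and the permissions have to be chosen by hand.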


