Newsgroups: news.software.b
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: Cnews security
Message-ID: <1989Jun27.171443.2044@utzoo.uucp>
Organization: U of Toronto Zoology
References: <9482@b-tech.ann-arbor.mi.us> <1989Jun24.204900.24693@utzoo.uucp> <9490@b-tech.ann-arbor.mi.us> <1989Jun25.175214.13599@utzoo.uucp> <9493@b-tech.ann-arbor.mi.us>
Date: Tue, 27 Jun 89 17:14:43 GMT

In article <9493@b-tech.ann-arbor.mi.us> zeeff@b-tech.ann-arbor.mi.us (Jon Zeeff) writes:
>One weak link in the chain is all it takes. The easy secure way is
>for rnews (ie, the initial entry point) to be a tiny suid root program
>(in /usr/bin or something) that does a setuid(NEWS), setgid(NEWS)
>before execing the real rnews...

In case you haven't noticed, relaynews does those setuids immediately on
startup. It even goes through such a tiny setuid-root program if your
system does not support setuid(geteuid()), which is the preferred way of
doing this.
-- 
NASA is to spaceflight as the  |     Henry Spencer at U of Toronto Zoology
US government is to freedom.   | uunet!attcan!utzoo!henry henry@zoo.toronto.edu
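
The startup step the reply describes, sketched as an added C example; it is not C News source and not part of the original post. The function name adopt_effective_ids and its result codes are assumptions made for illustration. It adopts the effective ids as the real ids and then verifies the result, which is the check that tells a set-id program whether setuid(geteuid()) is enough or a setuid-root helper is needed.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this example (not from C News). */
enum adopt_result { ADOPT_OK = 0, ADOPT_CALL_FAILED = -1, ADOPT_NOT_PERMANENT = -2 };

/*
 * Call first thing in main() of a set-id program: become the file's owner
 * (the effective ids) completely, so that nothing later runs with the
 * invoker's real ids.
 */
enum adopt_result adopt_effective_ids(void)
{
    uid_t euid = geteuid();
    gid_t egid = getegid();

    /* Group before user: after the uid changes, the process may no longer
     * be permitted to change its gid. */
    if (setgid(egid) != 0)
        return ADOPT_CALL_FAILED;
    if (setuid(euid) != 0)
        return ADOPT_CALL_FAILED;

    /* Do not trust the return values alone. On systems where setuid() by a
     * non-root process changes only the effective id, the real id is still
     * the invoker's; that is the case a setuid-root helper covers. */
    if (getuid() != euid || geteuid() != euid ||
        getgid() != egid || getegid() != egid)
        return ADOPT_NOT_PERMANENT;
    return ADOPT_OK;
}

int main(void)
{
    enum adopt_result r = adopt_effective_ids();
    if (r != ADOPT_OK) {
        fprintf(stderr, "cannot adopt effective ids (%d); setuid-root helper needed\n", (int)r);
        return 1;
    }
    printf("running as uid %ld gid %ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```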