Path: utzoo!mnetor!geac!alias!chk
From: chk@alias.UUCP (C. Harald Koch)
Newsgroups: news.software.b
Subject: Re: How to handle article cancellations?
Message-ID: <1991Feb7.185015.16489@alias.uucp>
Date: 7 Feb 91 18:50:15 GMT
References: <3258@litchi.bbn.com>
Sender: news@alias.uucp (USENET News)
Organization: Alias Research, Inc. Toronto ON Canada
Lines: 23

In <3258@litchi.bbn.com> rsalz@bbn.com (Rich Salz) writes:
>B news and the RFC both say that you should check the sender (or from if sender is
>blank) and make sure that the cancel message matches the article being cancelled.

Well, this is trivially insecure; when posting via NNTP, the Sender is always
news@host.dom.ain; this allows anyone on that machine to cancel articles that were
generated on that machine. If you have hostname hiding in your NNTP routines, then
this becomes merely news@dom.ain, allowing anyone at your organization to cancel
anyone else's articles.

I agree with Henry Spencer: It's better to not check than it is to pretend to have
a level of security that you don't have.

I can see a denial-of-service problem with the propagation technique used in CNews,
but that's a whole other can of worms...

--
C. Harald Koch  VE3TLA  Alias Research, Inc., Toronto ON Canada
chk%alias@csri.utoronto.ca  chk@gpu.utcs.toronto.edu  chk@chk.mef.org
"I think you curdled my Pepsi!" - Gerry Smit, in response to sickening cuteness
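The Sender/From comparison the post is discussing, written out as an added example (not code from B news, C News or the poster) with constructed sample articles: the check reports what the match actually rested on, so a match that only proves "same NNTP server" (Sender: news@host) is visible as such.

```python
import email
from email.utils import parseaddr

# Constructed sample articles (not from the original post). ORIGINAL was posted by
# alice through an NNTP server, which stamped Sender: news@host.example on it.
ORIGINAL = """From: alice@host.example (Alice)
Sender: news@host.example
Message-ID: <orig1@host.example>

hello
"""
# A cancel posted by a different user through the same server carries the same Sender.
CANCEL_VIA_NNTP = """From: mallory@host.example (Mallory)
Sender: news@host.example
Message-ID: <cancel1@host.example>
Control: cancel <orig1@host.example>

cancel
"""
# The same cancel injected without an NNTP server: no Sender, so From is used instead.
CANCEL_DIRECT = """From: mallory@host.example (Mallory)
Message-ID: <cancel2@host.example>
Control: cancel <orig1@host.example>

cancel
"""

def poster(article: str) -> tuple[str, str]:
    """B news rule: identify the poster by Sender, or by From if Sender is blank."""
    msg = email.message_from_string(article)
    for header in ("Sender", "From"):
        addr = parseaddr(msg.get(header, ""))[1]
        if addr:
            return header, addr.lower()
    return "", ""

def check_cancel(original: str, cancel: str) -> dict:
    """Apply the Sender/From match and report what the match actually rested on."""
    ctrl = email.message_from_string(cancel).get("Control", "").split()
    target = ctrl[1] if len(ctrl) == 2 and ctrl[0] == "cancel" else ""
    orig_id = email.message_from_string(original).get("Message-ID", "").strip()
    o_hdr, o_addr = poster(original)
    c_hdr, c_addr = poster(cancel)
    matched = bool(o_addr) and o_addr == c_addr
    # A match on the server's own identity says nothing about which user posted.
    server_identity = matched and o_hdr == "Sender" and o_addr.startswith("news@")
    return {"target_ok": target == orig_id,
            "authorized": target == orig_id and matched,
            "basis": f"{o_hdr}={o_addr}" if matched else "",
            "server_identity": server_identity}
```

With these inputs the NNTP-posted cancel from mallory passes the check purely on the shared news@host.example Sender, which is the weakness the post describes.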