Path: utzoo!utgpu!watserv1!maytag!watcsc!ross From: ross@watcsc.uwaterloo.ca (Ross Ridge) Newsgroups: news.software.b Subject: Re: "fascist" option (or posting security) Reply-To: ross@contact.uucp (Ross Ridge) Message-ID: Date: 6 May 91 19:25:53 EDT In article <1991May1.124919.8706@ohm.york.ac.uk> nigelm@ohm.york.ac.uk (Nigel Metheringham) writes: >So, why can't we knock the setuid bits off relaynews, and then add a >small setuid (news) program (maybe called injectnews), which is the >one called by inews... >injectnews checks the current UID against a stop list (or for the >really fascist, against a valid posters list). If it accepted >someone then it could be passed on to relaynews... On Contact we have programme that does just that (been using since the alpha release of Cnews). We call it censor, as it can accept, reject and hold (for human censorship) news articles by user and newsgroup. henry@zoo.toronto.edu (Henry Spencer) writes: >It's a viable approach. However, you need to be careful to guard against >several other back doors. For example, on a system named (say) utzoo, it >is quite possible to do > cat myarticle | uux - utzoo!rnews >and have the article processed as if it came in from outside. We also have a guard programme for uux. We don't have to worry about NNTP but it's potential back door at other sites. If all fails users can always mail their articles to some-news-group@ucbvax... Ross Ridge