Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site sask.UUCP
Path: utzoo!linus!decvax!harpo!utah-cs!sask!derek
From: derek@sask.UUCP
Newsgroups: net.news.sa
Subject: protecting news
Message-ID: <316@sask.UUCP>
Date: Sat, 10-Dec-83 14:47:00 EST
Article-I.D.: sask.316
Posted: Sat Dec 10 14:47:00 1983
Date-Received: Tue, 13-Dec-83 03:07:35 EST
Organization: University of Saskatchewan, Saskatoon Saskatchewan, Canada
Lines: 19

Has anyone protected 2.10.1 news to prevent people from reading or posting
news items?  I do not wish to discuss whether such action is acceptable
since I have no choice in the matter.  It is felt that we do not have 
sufficient terminals or resources to allow our user population of over 500
on an 11/70 to read the news.

I tried protecting /usr/spool/news and chmod setuid readnews after I changed
readnews to do a setuid(getuid()) prior to execing a shell or paging program
(which might have a shell escape in it) but then discovered that readnews
could not read the articles.  I assume it was because it tried to open the
article after it had issued the setuid(getuid()).

I would appreciate talking with anyone who has made these modifications.

Thanks.

Derek Andrew
U of Saskatchewan
{utcsrgv,alberta,utah-cs}!sask!derek