Xref: utzoo news.sysadmin:1928 news.admin:4272
Newsgroups: news.sysadmin,news.admin
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: rnews: security hole. Too bad.
Message-ID: <1988Dec13.204748.21179@utzoo.uucp>
Organization: U of Toronto Zoology
References: <1219@altger.UUCP>
Date: Tue, 13 Dec 88 20:47:48 GMT

In article <1219@altger.UUCP> blue@altger.UUCP (blue) writes:
>Well, it seems that UUCP  &C. really lack on security..
>I just realized that a registered node on a unix system, which
>is NOT authorized to get News of ANY kind, can on the contrary
>SEND any news-message ANYWHERE on ANY distribution.

This problem has been known for a long time.  Exercise for the reader:
devise a good fix.  Remember that the would-be news forger may be the
system administrator on his own machine.

It's a very hard problem.
-- 
SunOSish, adj:  requiring      |     Henry Spencer at U of Toronto Zoology
32-bit bug numbers.            | uunet!attcan!utzoo!henry henry@zoo.toronto.edu