Path: utzoo!utgpu!utstat!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ukma!xanth!lll-winken!uunet!ssbell!kent From: kent@ssbell.UUCP (Kent Landfield) Newsgroups: comp.sources.d Subject: Re: Archiving Sources Message-ID: <449@ssbell.UUCP> Date: 23 Mar 89 08:16:01 GMT References: <448@ssbell.UUCP> <2165@helios.ee.lbl.gov> Reply-To: kent@ssbell.UUCP (Kent Landfield) Organization: Sterling Software, FSG-IMD, Bellevue, NE. Lines: 104 Warning: This is long! Jef Poskanzer in <2165@helios.ee.lbl.gov> writes: # In the referenced message, kent@ssbell.UUCP (Kent Landfield) wrote: # }I really fail to see a security issues problem as long as archivers do not # }use absolute paths. # # Everyone keeps failing to see the security issue. All right, I'll be # specific: if you are doing automatic archiving using filenames # contained in or in any way derived from the postings, then you are # vulnerable to having your archive overwritten. Automatic archivers *should* be smart enough to recognize that condition. Store the file in a newsgroup "problems" directory using the article number as the file name and then send mail to the archive administrator alerting them to the problem. It then becomes a manual problem for review and correction. This also solves the accidental name-space collision. Duplicate filenames have happened in moderated groups mainly when volume/issue numbers are duplicated accidentally. Sites that use volume/issue archiving have had to deal with that more then the archive/name sites. This is not really a problem (as long as your archiver can handle it :-)) since it happens soooo seldom. Larry Wall in <4632@jpl-devvax.JPL.NASA.GOV> writes: # Just so's you remember that ../../../../../../../../../../../etc/passwd # is effectively an absolute path. Absolutely!! Sorry... How many of you have taken a good look at your archiving lately? # If you are archiving to a directory that might have had a foreign makefile # run in it, you'd best think a bit about symbolic links too. My personal opinion is that archive directories should be just that. No testing, compiling, etc. should be done in the archive directories. Jef Poskanzer in <2165@helios.ee.lbl.gov> writes: # In the referenced message, kent@ssbell.UUCP (Kent Landfield) wrote: # }Jef Poskanzer in <10985@well.UUCP> writes: # }# What's wrong with just saving the posting in a numbered file, grepping # }# out the From: and Subject: lines to save in an index, and compressing # }# the file? # } # }Nothing is wrong with Jef's approach. It is the Message-ID method of # }archiving. # Bad name, since the filename has nothing at all to do with the Message-ID # header line in the message. Yep! **Real** bad name. How about "article number" ? # } Optimally, all source posted to any # }newsgroup would have headers specifying the appropriate information so # }that archivers could use a "meaningful name". # What's all this stuff about "meaningful names"? Why do you care what # filename a posting gets stored in? I really don't care what name a file is given. I would just like some indication that a file in a non-moderated newgroup contained sources. Yes, you can get a bunch by grepping for "/bin/sh" or "This is a shell archive". This works on postings that have multiple files. It does not work for single file postings that have not been shar'ed or sources in such groups as comp.os.vms, etc. And grepping for "#include" will get more .signatures than source.. :-) # If you are archiving any substantial # quantity of source, you have to use an index to find things anyway, so # why bother with any additional (insecure) mechanism? If you use article number archiving, an index is the *only* way to find something short of grepping through 5000+ files. By having names that reflect the contents, not only can you use the index, see what is there via 'ls', but a multi-part posting directory can be quickly copied to a target machine for compilation and testing. Multi-part postings can also be retrieved from archives via mail request software such as netlib. I'd rather mail off a "send elm" request instead of "send 1723" ... "send 1731" ... I don't know about you, but anonymous ftp to uunet (or wherever) would not be as much fun if doing a 'dir' in a comp.sources.any directory just produced a sea of numbers as filenames. In otherwords, it is exactly because I am archiving substantial quantities of sources that I need the additional mechanisms. I still fail to see a security issues problem as long as the archiver does not use absolute paths. # } I would like to see a move towards auxiliary headers on all sources # }posted to any newsgroup, whether they are moderated or not. # Well, you won't see such a move. Certainly it's easier *for you* if # everyone on the net follows the standard *you* like when posting # source; but people don't generally do what's easier *for you*. They do # what's easier *for them*. That is what I am counting on. I want them to do what is easier for them because chances are it is also probably easier for me! Answering one or two additional prompts in Pnews/postnews is petty, but would allow a truly automated archiver to be written so sources in non-moderated groups are available when they are *needed*, *not* just when they were posted. -Kent+ Kent Landfield UUCP: kent@ssbell Sterling Software FSG/IMD INTERNET: kent%ssbell.uucp@uunet.uu.net 1404 Ft. Crook Rd. South Phone: (402) 291-8300 Bellevue, NE. 68005-2969 FAX: (402) 291-4362