Path: utzoo!attcan!dptcdc!tmsoft!mcl!stacy From: stacy@mcl.UUCP (Stacy L. Millions) Newsgroups: comp.sources.d Subject: Re: alt.sources archiving Summary: but moderators are not immune to accidents Message-ID: <599@mcl.UUCP> Date: 24 Mar 89 16:18:46 GMT References: <448@ssbell.UUCP> <2165@helios.ee.lbl.gov> Organization: Millions Computing Ltd., Regina, SK, Canada Lines: 37 In article <2165@helios.ee.lbl.gov>, jef@ace.ee.lbl.gov (Jef Poskanzer) writes: > Everyone keeps failing to see the security issue. All right, I'll be > specific: if you are doing automatic archiving using filenames > contained in or in any way derived from the postings, then you are > vulnerable to having your archive overwritten. So your automatic archiving program should check to see if it is going to overwrite a file before it does so. This is not particuliarly difficult to do. I didn't even think of *NOT* doing it when I wrote my archiver. > Or there could be an accidental name-space collision. This is not a > problem with the moderated sources groups -- I assume that all the > moderators always check whether a name has been used before assigning > it -- but it would definitely be a problem with an unmoderated sources > group such as alt.sources. Oh yeah, remember alt.sources? That's what > we are talking about here. Accidents do happen (wasn't it "sao" that got out of whack). Then there are reposts of gibbled postings, not all postings show up in the proper order. Are you going to blindly assume that just because it got to your system last, it is the most recent. About once every couple months my archiver tells me there is a file name collision for some reason or another, and then I have to descide which one I really want. We live in an imperfect world, usenet is inperfect as well (but atleast it is better than _reality_ :-), so why not do some error checking instead of "assume[ing] that all the moderators always check whether a name has been used before assigning it" -stacy -- "You should not drink and bake." - Arnold Schwarzenegger, _Raw Deal_ S. L. Millions ..!tmsoft!mcl!stacy