Newsgroups: news.software.b
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: setuid relaynews in C news
Message-ID: <1990Feb5.171912.8316@utzoo.uucp>
Organization: U of Toronto Zoology
References: <1990Feb2.024254.18816@lighthouse.com> <1990Feb2.165403.17374@utzoo.uucp> <1990Feb5.032137.4854@NCoast.ORG>
Date: Mon, 5 Feb 90 17:19:12 GMT

In article <1990Feb5.032137.4854@NCoast.ORG> allbery@ncoast.ORG (Brandon S. Allbery) writes:
>Wouldn't it be better to allow /usr/lib/news/bin/config to override the C
>pathname functions, and only renounce setuid if either (a) the environment is
>used to override it or (b) an alternative config file is specified, presumably
>via the environment or a (new) command-line option? ...

The problem is that the C configuration stuff came first, and .../bin/config
was somewhat of an afterthought.  I am in the process of rethinking this.
You're correct that there is no hazard unless (a) or (b) is involved.

There is a lesser problem in that things like manual pages know the paths,
and it's not so easy for them to pick up the config file.
-- 
SVR4:  every feature you ever |     Henry Spencer at U of Toronto Zoology
wanted, and plenty you didn't.| uunet!attcan!utzoo!henry henry@zoo.toronto.edu