Trojan horse FIX for Rnmail and Pnews
Brandon S. Allbery
allbery at ncoast.UUCP
Wed Dec 14 09:17:20 AEST 1988
As quoted from <6811 at rosevax.Rosemount.COM> by news at rosevax.Rosemount.COM (News administrator):
+---------------
| > = Guy Harris
| >If you insist on sticking "+set nomodeline" here, rather than in the
| >user's ".exrc" where it belongs...
|
| No, it belongs in any code that puts uncontrolled text into a file
| and executes a "vi"-like editor. A number of vi's have "modeline"
| on by default, and many people don't know about it. If Pnews can be
| made more robust, it should be.
+---------------
And just how does this protect the superuser who edits /etc/passwd when
someone's username ends with "ex", etc.?
Pnews is not the only culprit, and you can't catch *all* programs that might
do it. (And if you propose blocking "ex[colon]" sequences in the password
file, you'll be in for a lot of hate mail....) The proper place to put it
is $HOME/.exrc; it should be in the .exrc that is copied in for new users
(assuming that everyone uses a program/shell script/whatever to install new
users; a shell script, at least, is trivial).
+---------------
| Now for a different question... any other common editors (emacs, etc) with
| a similar hook? Any way to disable it?
+---------------
Emacs (FULL emacs, NOT Jove/Microemacs/mg/etc.) has a feature for modifying
the editor's settings from a loaded file; but invoking it is non-trivial
(you need a VERY fancy sequence in the file) and it won't execute
generalized commands (s-expressions) (at least, I *think* it won't...) so
it's nowhere near as dangerous.
++Brandon
(P.S. And just how does your Pnews fix change what /usr/bin/postnews does?)
--
Brandon S. Allbery, comp.sources.misc moderator and one admin of ncoast PA UN*X
uunet!hal.cwru.edu!ncoast!allbery <PREFERRED!> ncoast!allbery at hal.cwru.edu
allberyb at skybridge.sdi.cwru.edu <ALSO> allbery at uunet.uu.net
comp.sources.misc is moving off ncoast -- please do NOT send submissions direct
Send comp.sources.misc submissions to comp-sources-misc@<backbone>.
More information about the Comp.unix.wizards
mailing list