On Tue, 22 Jan 1991 10:01:31 SET "Christian J. Reichetzeder"
<REICHETZ@AWIIMC11> said:
>* ABC FILELIST has a generic entry of the form
> / A/> * * PRV OWN ....
You must not specify a generic entry for '* *' anywhere, as it will match
any file (obviously). This means that if someone else, downwards in the
search order, has an entry for 'ABC* MEMO', your '* *' will catch the
file before if the filelist is not specified explicitly.
>As far as I could find out the problem is within LSVSFILE. For explicit
>or implicit FILELISTs LSVSFILE starts from the root(=LISTSERV) FILELIST.
>In case the sought file is not found other FILELISTs found are searched.
>Only when the file couldn't be found in any of the FILELISTs the search
>continues for NOTEBOOKs or LOGs according to the LIST specification. If
>any FILELIST happens to contain a generic entry matching the requested
>FILELIST the search stops and authorization is given as specified in the
>generic entry.
I do not see in what way this is a problem. First, if I were to change
the code to behave as you suggest, a generic entry for '* LOG*' in XYZ
FILELIST would be ignored when looking for XYZ LOG9001, when the intent
of the list owner was, clearly, to set different GET/PUT access codes for
these files. There is no difference between '* LOG*' and '* *' in this
respect, except that the latter catches more files. Second, you are
talking about the special case of log files and implicit filelists. If
you consider the more general case of regular files, you will quickly
realize that the specification of '* *' in *any* filelist means problems
as soon as you try to store files without specifying the filelist name,
i.e. 'PUT MEET9102 AGENDA' rather than 'PUT MEET9102 AGENDA MINUTES'. There
is no solution to this - you did not say which filelist the file was
from, there is no way for the server to "guess" that you meant MEET9012
AGENDA from 'MEET* AGENDA' in the MINUTES filelist, not MEET9012 AGENDA
from '* *' in the XYZ filelist. This is why you should not specify '* *'
on any filelist that can be reached from the root, and if you do, you
must specify the filelist name on any file access request to avoid
problems.
What you have to understand is that LISTSERV fileids have 3 components,
and when you specify only the first 2 it is trying to guess at the third.
Most of the time there is no ambiguity, but of course nothing prevents
you from having a 'README MEMO' in 2 filelists; in that case, the user
can no longer omit the last component.
>This is not only an inconvenience but also a security exposure (...) The
>owner of ABC (FILE)LIST could specify a generic entry of * * GET=OWN and
>thus be able to retrieve the logs of XYZ LIST regardless of their FACs.
No, because these are not the same files. If a match occurs for XYZ
NOTEBOOK on the ABC FILELIST, LISTSERV will search ABC FILEID for the
real CMS fileid. It will not find an entry for this file there, so it
will generate a new fileid, nnnnnnnn ABC on the designated default disk.
You can GET/PUT this file, but this is a different one from 'XYZ NOTEBOOK
XYZ'.
Eric
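
The search behaviour discussed in this message can be reproduced with a small model. This is an added example, not LISTSERV code and not part of the original message; the filelist contents, the access codes and the use of fnmatch-style '*' matching are assumptions, and only the pattern search is modelled, not the FILEID lookup that follows a match.

```python
from fnmatch import fnmatchcase

# Constructed sample (names, codes and fnmatch-style '*' are assumptions):
# filelists in search order, root first; entry = (fn, ft, GET, PUT).
SEARCH_ORDER = [
    ("LISTSERV", [("ABC", "FILELIST", "ALL", "OWN"),
                  ("MINUTES", "FILELIST", "ALL", "OWN"),
                  ("XYZ", "FILELIST", "ALL", "OWN")]),
    ("ABC",      [("*", "*", "PRV", "OWN")]),
    ("MINUTES",  [("MEET*", "AGENDA", "ALL", "OWN")]),
    ("XYZ",      [("*", "LOG*", "OWN", "OWN")]),
]

def resolve(fn, ft, filelist=None, order=SEARCH_ORDER):
    """Return (filelist, entry) for the first entry matching fn/ft.

    With filelist=None the third fileid component is guessed by walking
    the search order; otherwise only the named filelist is consulted.
    """
    for name, entries in order:
        if filelist is not None and name != filelist:
            continue
        for entry in entries:
            if fnmatchcase(fn, entry[0]) and fnmatchcase(ft, entry[1]):
                return name, entry
    return None

def covers(a, b):
    """True if pattern a matches everything pattern b matches ('*' only)."""
    return fnmatchcase(b, a)

def shadowed(order=SEARCH_ORDER):
    """List (earlier filelist, later filelist, later pattern) where a generic
    entry earlier in the search order hides a later entry from 2-part requests."""
    hits = []
    for i, (early, early_entries) in enumerate(order):
        for e in early_entries:
            if "*" not in e[0] + e[1]:
                continue  # only generic entries can catch other filelists' files
            for late, late_entries in order[i + 1:]:
                for later in late_entries:
                    if covers(e[0], later[0]) and covers(e[1], later[1]):
                        hits.append((early, late, later[:2]))
    return hits

if __name__ == "__main__":
    print(resolve("MEET9102", "AGENDA"))             # caught by '* *' in ABC
    print(resolve("MEET9102", "AGENDA", "MINUTES"))  # explicit filelist name
    print(shadowed())
```

Running shadowed() over a site's filelists before adding a generic entry shows which existing entries would stop being reachable from two-component requests.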