Eric Thomas <ERIC@FRECP11>
Wed, 10 Sep 1986 17:30 SET
|
Because of problems at both FRMOP11 (RSCS V2 swallowing a few NJI codes from
the file) and FRORS31 (being a JES3 node), Spain cannot reach FRECP11 (and
probably a few other nodes). We had to transfer this file via MSGXFER...
*-----------------------------------------------------------------------------*
Date: Wed, 10 Sep 1986 15:55:44 ABC
From: Jose Maria Blasco Comellas <ZCCBJBC@EB0UB011>
Subject: Open subscription and private rev
To: Distribution list <LSTSRV-L@FRECP11>
If a list is defined as Subscription= Open, setting it to Review= Private
(or Stats= xxx,Private) should have no effect. Consider the following
dialog:
tell listserv at uiucvmd stats REXX-L
R;
FROM UIUCVMD(LISTSERV): * You are not authorized to review statistics for
list REXX-L
tell listserv at uiucvmd subscribe REXX-L anyname
R;
FROM UIUCVMD(LISTSERV): * You have been added to list REXX-L
tell listserv at uiucvmd stats REXX-L
R;
FROM UIUCVMD(LISTSERV): File "REXX-L STATREPT" has been sent to you
tell listserv at uiucvmd signoff REXX-L
R;
FROM UIUCVMD(LISTSERV): * You have been removed from list REXX-L
(The same stands for the REView command)
If the list has been defined as Notify= No (which is the case for list
REXX-L at UIUCVMD) the only means of detecting such an
unauthorized (?) access is inspecting the LISTSERV's console log.
What to do? -- either define the list as validate= All Commands or
set it to Notify= Yes, so that this kind of access to the list can
be discouraged or at least detected. In any case, I think that
Subscription= Open, Validate= Store Only, Notify= No should
have priority over Review= Private and force it to Review= Public.
Any ideas?
J. M. Blasco
*-----------------------------------------------------------------------------*
My reply: DIRMAINT checks the operand of a CMS command to make sure that it can
not cause any VM READ state. "If command = 'SORT' or command = 'FORMAT' then
reject". Now if I do a EXEC ZAZA with ZAZA EXEC containing a &READ VARS, here
I go. My opinion on all that kind of problems is that if the person who sent
the command/installed the server/configured the list specified stupid options,
then the result will be stupid. You can configure a list with review= postmas-
ter, send= public, subscription= open, files= no while formcheck= yes, and
even a notebook on the D-disk (t-disk), confidential= yes but validate= store
only and pw='', etc. However, I might indicate in LISTKEYW MEMO the sets of
options that are "stupid", if that may help. Any comment?
Eric
|
|
|