Tue, 22 Jan 1991 10:01:31 SET
I encountered the problem on a LISTEARN server but looking into LISTSERV's
LSVSFILE there is not much difference, anyway:
Given the following:
* ABC LIST has an explicit FILELIST associated with it
* ABC FILELIST has a generic entry of the form
/ A/> * * PRV OWN ....
* XYZ LIST has only NOTEBOOKs but no explicit FILELIST.
Problem:
INDEX and GET commands for XYZ (FILELIST) fail with either "you are not
authorized" or "not yet available".
As far as I could find out the problem is within LSVSFILE. For explicit
or implicit FILELISTs LSVSFILE starts from the root (=LISTSERV) FILELIST.
In case the sought file is not found, other FILELISTs found are searched.
Only when the file couldn't be found in any of the FILELISTs does the search
continue for NOTEBOOKs or LOGs according to the LIST specification.
If any FILELIST happens to contain a generic entry matching the requested
FILELIST the search stops and authorization is given as specified in the
generic entry.
This is not only an inconvenience but also a security exposure. FILELIST
owners can specify whatever patterns and fileids they like since it is
expected that the postmaster controls the mapping of the filenames by
means of the XXXX FILEID files. Thus even when a filelist-owner lists
PROFILE EXEC as PUT=ALL this doesn't map to the real PROFILE EXEC.
The owner of ABC (FILE)LIST could specify a generic entry of * * GET=OWN
and thus be able to retrieve the logs of XYZ LIST regardless of their
FACs.
Christian
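As an added illustration, not part of Christian's post and not taken from LISTSERV or LISTEARN source, the following Python model reproduces the lookup order the post describes (root FILELIST first, then other FILELISTs, NOTEBOOKs last, first matching entry wins) and puts a hardened order beside it in which a list's own NOTEBOOK access codes are consulted before any FILELIST walk. The FILELIST entries, the two lists, the users and the simplified FAC semantics (ALL, PRV, OWN) are constructed assumptions for the demonstration.

```python
from fnmatch import fnmatchcase

# Constructed FILELIST entries: (filename, filetype, GET FAC, PUT FAC).
# Simplified FAC semantics (assumed): ALL = anyone, PRV = subscribers of the
# list whose FILELIST/NOTEBOOK holds the entry, OWN = owners of that list.
FILELISTS = {
    "LISTSERV": [("ABC", "FILELIST", "ALL", "OWN")],   # root FILELIST
    "ABC": [("REPORT", "MEMO", "PRV", "OWN"),
            ("*", "*", "OWN", "OWN")],                 # generic entry
}
# XYZ has no FILELIST, only NOTEBOOKs; its logs are PRV (subscribers of XYZ).
NOTEBOOKS = {"XYZ": {"get": "PRV", "logs": ["LOG9101", "LOG9102"]}}

# Constructed users: owner of ABC (not on XYZ) and a plain XYZ subscriber.
USERS = {
    "abc-owner": {"owns": {"ABC"}, "subscribes": {"ABC"}},
    "xyz-member": {"owns": set(), "subscribes": {"XYZ"}},
}


def fac_allows(user, fac, listname):
    """Evaluate a FAC relative to the list that owns the matched entry."""
    u = USERS[user]
    if fac == "ALL":
        return True
    if fac == "PRV":
        return listname in u["subscribes"] or listname in u["owns"]
    if fac == "OWN":
        return listname in u["owns"]
    return False


def check_notebook(user, fn, ft):
    """Verdict if 'fn ft' names a NOTEBOOK log of a list, else None."""
    nb = NOTEBOOKS.get(fn)
    if nb is None or not ft.startswith("LOG"):
        return None
    # Authorization is checked before existence so that an unauthorized
    # requester cannot enumerate which logs exist.
    if not fac_allows(user, nb["get"], fn):
        return "NOT AUTHORIZED"
    return "OK" if ft in nb["logs"] else "NOT FOUND"


def search_filelists(user, fn, ft):
    """Walk FILELISTs from the root. The first matching entry, explicit or
    generic, decides; its FAC is interpreted relative to the list whose
    FILELIST contains it. This is the behaviour the post describes."""
    queue, seen = ["LISTSERV"], set()
    while queue:
        name = queue.pop(0)
        if name in seen:
            continue
        seen.add(name)
        for efn, eft, get_fac, _put in FILELISTS.get(name, []):
            if eft == "FILELIST" and efn in FILELISTS:
                queue.append(efn)           # nested FILELIST to search later
            if fnmatchcase(fn, efn) and fnmatchcase(ft, eft):
                return "OK" if fac_allows(user, get_fac, name) else "NOT AUTHORIZED"
    return None


def get_vulnerable(user, fn, ft):
    """Order from the post: every FILELIST first, NOTEBOOKs only as a fallback.
    A generic '* *' entry in ABC FILELIST therefore governs XYZ's logs."""
    result = search_filelists(user, fn, ft)
    if result is not None:
        return result
    return check_notebook(user, fn, ft) or "NOT FOUND"


def get_hardened(user, fn, ft):
    """One possible fix (assumed, not LISTSERV's actual change): resolve a
    list's own NOTEBOOK/LOG files against that list's FACs before any
    FILELIST walk, so another owner's generic entry cannot shadow them."""
    result = check_notebook(user, fn, ft)
    if result is not None:
        return result
    return search_filelists(user, fn, ft) or "NOT FOUND"


if __name__ == "__main__":
    for who in USERS:
        print(who, "GET XYZ LOG9101:",
              "vulnerable =", get_vulnerable(who, "XYZ", "LOG9101"),
              "/ hardened =", get_hardened(who, "XYZ", "LOG9101"))
```

Run as written, the vulnerable order lets the ABC owner fetch XYZ's log through the `* * OWN` entry while the XYZ subscriber is refused with "not authorized", which is the symptom the post reports; the hardened order reverses both outcomes and leaves ABC's own files governed by ABC FILELIST as before.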