Some further tests showed that 'DELETE *' still generates unwanted messages,
although the situation HAS improved with 15N2. In particular, people who have
postmaster privilege from a REMOTE node would get one error message per list,
and the same would happen to people who specified an invalid personal
password, or to Joe users who tried to delete people on nodes for which they
don't have NAD privilege. I have made a lot of changes, and now the nasty
messages should appear only once for all the lists, instead of once per list,
and only if there was indeed someone to delete on the list (ie if you're
trying to delete X@Y from list XYZZY and he's not on, you won't be told you're
not the NAD for node Y). Now, this has an obvious side-effect: if you want to
know which lists X@Y is signed on to, you just do a DELETE * [log in to unmask] For each
list he's on, you'll get some kind of error message telling you you're not
allowed to act on his behalf, or something like this. There are only two ways
to avoid this:
1. Send the message for each list, regardless of whether X@Y is on it or not,
which we have already decided we don't want to do as it's likely to
generate very large output.
2. Never send the message, which is of course unacceptable.
To solve this problem, I have decided to issue the "complaint" message only
once per userid@node, and to remove the listname from it. This way, you will
get only one message telling you you're not a NAD for node Y, regardless of
whether or not X@Y is on any list of the local server. Obvious drawbacks:
1. If you inadvertently send a DEL * X@Y (NETWIDE without being a NAD for node
Y, you're going to get 120 messages telling you you're not a NAD for node
Y. But if I issued the message only if X@Y is on a local list, there would
be a security exposure as explained above. Note that I cannot just remove
X@Y from the list of people to delete, since you might be the owner of some
list and thus DEL * X@Y should remove X@Y from this list.
2. It takes a more CPU time, because some code which would have been skipped
if X@Y is not on the list must now be executed.
Does anybody want to try this new version out?
Eric
|