LSTSRV-L Archives

LISTSERV Site Administrators' Forum

David R Nessl <[log in to unmask]>
Sun, 29 Jun 1997 10:53:09 -0400
On Sun, 29 Jun 1997, Eric Thomas wrote:
> On Sun, 29 Jun 1997 10:02:07 -0400 David R Nessl <[log in to unmask]> said:
> >The technical  problem in  Unix is  symlinks: a  clever user  could move
> >their /u/username/list-archives  directory to  another place  and create
> >the symlink /u/username/list-archives -> newplace.
>
> That assumes  the user owns another  directory on the system  that is not
> within the  /u/username tree, which on  a normal system would  not be the
> case.

No, it could be moved to another subdirectory under their own home
directory, e.g. /u/username/hidden-archives.  That's the same filesystem,
and there's no need for it to be world-writable.

> >Then, LISTSERV's  archive writing  would still work  but the  `chown -R`
> >would not.
>
> Just write your own program that traverses symbolic links, it should take
> about  30 min.

OK, so someone moves their list-archive directory and then symlinks to
/etc/passwd or to LSVROOT; then later your suggested ownership-changer
program runs and gives the user ownership of files he shouldn't have.  I
don't think so.

At this point I realize I'm not going to convince you to create the exit,
but I hope you at least recognize the reality of the problem, i.e. it
can't reliably be fixed by later processing.

> An even simpler alternative would be to
> put the per-user directory somewhere that  the users can't access at all.

How?  If end-users own the files (in order to get the charging right),
then because of the single directory tree in Unix those files will always
be accessible by the owners.

> It  is actually  a very  bad idea  to put  these files  under a  Joe User
> directory where they can be manipulated  randomly by someone who does not
> necessarily  understand what  these  files  are for  and  how they  work.
> LISTSERV assumes  that the files are  not being tampered with  by a third
> party while it uses them. I'll bet a large sum that the average user will
> assume that the digest file is  here to be freely edited without worries,
> that these  weird large unprintable  dbwhatever files are designed  to be
> removed so you can save disk space, and that the other log files can also
> be edited freely and without precaution. Then you'll be wondering why you
> get strange errors in  your LISTSERV log :-) I just  don't see any reason
> to give users a free run on these files.

That's a valid concern.  So we should leave those small files
(LISTNAME.dbXXXX) owned by listserv, but change the ownership on the
really big files, i.e. the LISTNAME.logXXXX files, for charging.

David R Nessl  -- Coordinator, Computer Systems (sysprog/sysadmin)
http://www.nerdc.ufl.edu/~david
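
Added example, not part of the original message and not LISTSERV code: a sketch of an ownership changer that never follows symbolic links, so a list-archives directory or log file replaced by a link (the /etc/passwd case raised above) is skipped rather than chowned. The function name, the ".log" name filter and the hard-link check are assumptions made for illustration; it narrows the link-following hazard only and does not stop the directory owner from renaming or removing files between runs.

```python
import os
import stat

def chown_logs_nofollow(archive_dir, uid, gid, marker=".log"):
    """Give uid:gid ownership of regular LISTNAME.logXXXX files in archive_dir.

    Returns (changed, skipped); skipped holds (name, reason) pairs.
    """
    changed, skipped = [], []
    # O_NOFOLLOW makes open() fail if archive_dir itself is a symlink.
    dfd = os.open(archive_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        for name in sorted(os.listdir(dfd)):
            if marker not in name:
                skipped.append((name, "not a log file"))
                continue
            try:
                # Open relative to the directory fd, never following a link.
                # O_NONBLOCK keeps a planted FIFO from hanging the run.
                fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK,
                             dir_fd=dfd)
            except OSError as exc:
                skipped.append((name, "open refused: " + os.strerror(exc.errno)))
                continue
            try:
                st = os.fstat(fd)
                if not stat.S_ISREG(st.st_mode):
                    skipped.append((name, "not a regular file"))
                elif st.st_nlink != 1:
                    # A second name for the inode may live outside this tree.
                    skipped.append((name, "extra hard links"))
                else:
                    # fchown acts on the inode just inspected, not on a path
                    # that could be swapped between the check and the change.
                    os.fchown(fd, uid, gid)
                    changed.append(name)
            finally:
                os.close(fd)
    finally:
        os.close(dfd)
    return changed, skipped
```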
