Xref: utzoo news.admin:4109 news.sysadmin:1726 comp.mail.uucp:2390 Path: utzoo!attcan!uunet!mcvax!cernvax!impch!boxdiger From: patg@impch.UUCP (Patrick Guelat) Newsgroups: news.admin,news.sysadmin,comp.mail.uucp Subject: Re: Dangerous hole in Usenet! Keywords: "it's a secret ... but they told me!" -- david dobkin Message-ID: <388@impch.UUCP> Date: 27 Nov 88 21:17:39 GMT References: <1227@vsi1.UUCP> <117@hudson.Morgan.COM> <800@mailrus.cc.umich.edu> Reply-To: patg@impch.UUCP (Patrick Guelat) Organization: ImproWare DataSystems Switzerland Lines: 23 In article <800@mailrus.cc.umich.edu> honey@citi.umich.edu (p. honeyman) writes: % the major hole has to do with handing certain news articles to % sed|sh. this preposterous move is anathema to anyone with a % semblance of concern for the integrity of his system. % % peter If we're talking about the same hole, it's easy to fix it.. I discovered it about one year ago. The Problem is, that rnews/inews executes some shellscripts..... So go and edit all this scripts and set this damned 'IFS' and 'PATH' to correct values !! Another hint: Don't make rnews executable for everyone.... Patrick -- \\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\// // Patrick Guelat, patg@impch ..!altger!impch!{boxdiger,patrick,patg} \\ \\ "LOVE DOESN'T MAKE THE WORLD GO AROUND, JUST UP AND DOWN A BIT !!!" // //\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\