Xref: utzoo news.admin:4109 news.sysadmin:1726 comp.mail.uucp:2390
Path: utzoo!attcan!uunet!mcvax!cernvax!impch!boxdiger
From: patg@impch.UUCP (Patrick Guelat)
Newsgroups: news.admin,news.sysadmin,comp.mail.uucp
Subject: Re: Dangerous hole in Usenet!
Keywords: "it's a secret ... but they told me!" -- david dobkin
Message-ID: <388@impch.UUCP>
Date: 27 Nov 88 21:17:39 GMT
References: <1227@vsi1.UUCP> <117@hudson.Morgan.COM> <800@mailrus.cc.umich.edu>
Reply-To: patg@impch.UUCP (Patrick Guelat)
Organization: ImproWare DataSystems Switzerland
Lines: 23

In article <800@mailrus.cc.umich.edu> honey@citi.umich.edu (p. honeyman) writes:
% the major hole has to do with handing certain news articles to
% sed|sh.  this preposterous move is anathema to anyone with a
% semblance of concern for the integrity of his system.
% 
% 	peter

If we're talking about the same hole, it's easy to fix it..
I discovered it about one year ago. The Problem is, that rnews/inews
executes some shellscripts.....

So go and edit all this scripts and set this damned 'IFS' and 'PATH' to
correct values !!

Another hint: Don't make rnews executable for everyone....

	Patrick

-- 
\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//
// Patrick Guelat, patg@impch ..!altger!impch!{boxdiger,patrick,patg}     \\
\\   "LOVE DOESN'T MAKE THE WORLD GO AROUND, JUST UP AND DOWN A BIT !!!"  //
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\