[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[leafnode-list] Re: Spool permissions in leafnode-2



Hi Adam,

Am 08.04.2009, 14:21 Uhr, schrieb Adam Funk <a24061@xxxxxxxxxxxxx>:

> After upgrading from leafnode 1.11 to 2, I noticed (while trying to
> grep for something) that the individual message files now have 600
> permissions rather than 644.  In this list's archive I found the
> threads 2006-08 "[alpha] permission change for news spool" and 2005-08
> "leafnode-2.0.0.alpha20050810a snapshot available".
>
> I understand that leafnode-2 supports client access only through NNTP,
> and that making the files 644 would let malicious users add unwanted
> hard links.  But I still have two questions.
>
>
> 1. If I'm willing to use looser read permissions ("trusted users"), is
>    there any secret config option to make newly fetched articles 640
>    rather than 600?  Or would I have to chmod them after running
>    fetchnews?

Hm - I was under the impression we're doing that already (actually 0660 &  
~umask), but indeed it's 0600. That's unintentional, but will likely need  
a fix in several places.

> 2. At the end of [1] it says "(leafnode-1 tracks the seen Message-IDs
>    as it offers spool access officially, leafnode-2 doesn't, so
>    removing user access to the spool is the natural fix.)" --- I don't
>    understand what "tracks the seen Message-IDs" means --- does this
>    refer to part of texpire's operation?

Indeed it does.

Leafnode-1 and -2 currently use roughly the same spool format:
Assuming an instact spool, each article has at least two links, one in the  
message.id/NNN/ (*) directory, and one in the news/group/ directories (or  
more if an article is cross-posted to multiple groups you're subscribed  
to).

texpire works in two phases. Phase 1 will look at when the threads in a  
particular newsgroup were last read and unlink those links from the  
news/group/ directories that are past expiry date for the group. After  
that, in phase 2, it will traverse the message.id/ directories and unlink  
all files that have just one link.

Since the link count is unreliable with a world-readable newsspool:  
leafnode-2 does not make these directories or articles world-readable and  
continues to use the link count.

Leafnode-1 was designed to offer a traditional (i. e. world-readable)  
spool and cannot use the link count. Instead, it records the Message-IDs  
of articles it kept during the 1st phase, creating up to 1,000 files named  
message.id/NNN/mids - this is the "tracks the seen Message-IDs" part that  
you quoted - and these "mids" files get reused in phase 2. The IDs listed  
in these "mids" files are protected from expiry, the other files are  
removed. This security fix is in place since 1.9.52 which was released 5  
years and 5 days ago.

(*)  NNN is calculated by a cheapo hash function that changed in the very  
early 2.0 snapshots, thus the need to run texpire -r after a 1->2 upgrade.

> (BTW, I really like the new features in leafnode-2, especially the
> stuff that supports slrn's find-children and reconstruct-thread
> commands, as well as "fetchnews -M <mid>".)

Glad you like it. :-)

-- 
Matthias Andree
-- 
_______________________________________________
leafnode-list mailing list
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
https://www.dt.e-technik.uni-dortmund.de/mailman/listinfo/leafnode-list
http://leafnode.sourceforge.net/