Top Document: NN Frequently Asked Questions (FAQ) with Answers
Previous Document: 02.02 Is it possible to restrict the groups that users have access to?
Next Document: 03.00 ***** Command Input *****


02.03 Can I set up nn securely?


Date: 26 Feb 1995 06:32:05 +1100

  It would be trivial to hack nn to first look elsewhere for the
  user's init file--which would be owned by root with 644 permissions
  in a directory owned by root with 711 permissions.  The init file
  would have the user's name so the right one would be chosen.  If
  this special init file was found, then the `G' command could be
  disallowed.

  Of course, unless the news spool is also protected, the users can
  read the articles with other tools, so you'd also need to make nn
  setgid and the news spool directories only accessible to that group.
  This avoids the problem of users building their own nn, since they
  can't make it setgid.
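
An audit of the layout described above, as an added example that is not part of the original post and is not nn code. The function names, and the paths, group and owner passed in as arguments, are assumptions; it needs GNU stat.

```shell
#!/bin/sh
# Added example, not nn code. Paths, group and owner are caller-supplied
# assumptions. Needs GNU stat (coreutils) for the -c format option.

# check_mode PATH MODE OWNER: true if PATH has exactly that mode and owner.
check_mode() {
    [ "$(stat -c '%a %U' "$1" 2>/dev/null)" = "$2 $3" ]
}

# spool_is_private DIR GROUP: true if every directory under DIR belongs to
# GROUP and grants nothing to "other" (last octal digit of the mode is 0).
spool_is_private() {
    [ -d "$1" ] || return 1
    find "$1" -type d -exec stat -c '%G %a' {} + |
        awk -v g="$2" '$1 != g || $2 % 10 != 0 { bad = 1 } END { exit bad }'
}

# binary_is_setgid FILE GROUP: true if FILE is setgid and its group is GROUP.
binary_is_setgid() {
    [ -g "$1" ] && [ "$(stat -c '%G' "$1")" = "$2" ]
}

# audit_nn INIT_DIR INIT_FILE SPOOL_DIR NN_BINARY GROUP [OWNER]
# Prints one line per failed check; the return status is the failure count.
audit_nn() {
    owner=${6:-root}
    fails=0
    check_mode "$1" 711 "$owner" ||
        { echo "FAIL: $1 is not $owner-owned with mode 711"; fails=$((fails + 1)); }
    check_mode "$2" 644 "$owner" ||
        { echo "FAIL: $2 is not $owner-owned with mode 644"; fails=$((fails + 1)); }
    spool_is_private "$3" "$5" ||
        { echo "FAIL: $3 is reachable outside group $5"; fails=$((fails + 1)); }
    binary_is_setgid "$4" "$5" ||
        { echo "FAIL: $4 is not setgid to group $5"; fails=$((fails + 1)); }
    return "$fails"
}
```

Call it as audit_nn INIT_DIR INIT_FILE SPOOL_DIR NN_BINARY GROUP; a non-zero status is the number of checks that failed.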

From: Bill Wohler <wohler@newt.com>
Date: Sun, 2 Jun 1991 21:56:45 -0700

  Diffs are unfortunately not included, but this is what you can do:

  o Set shell-restrictions in the setup file.
  o Set and lock *every* variable which is used to execute commands.
  o Modify the source to avoid displaying/saving/printing files above the
    home-directory if shell-restrictions is set (mainly in save.c).
  o Modify the source to avoid changing directories if shell-restrictions
    is set.
  o Modify the source to avoid showing the contents of locked variables.

  In particular, the following variables should be locked:

  backup-folder-path, backup-suffix, bug-report-address, decode-header-file,
  editor, folder, inews, mail, mail-record, mailer, news-record, newsrc,
  pager, patch-command, printer, record, spell-checker, unshar-header-file



Send corrections/additions to the FAQ Maintainer:
Sascha Geschwandtner <elfishranger@gmx.de>

Last Update September 05 2008 @ 00:16 AM

© 2008 FAQS.ORG. All rights reserved.