Anonymous policy / New code
- To: email@example.com
- Subject: Anonymous policy / New code
- From: "Johan K. Reinalda" <johan@ECE.ORST.EDU>
- Date: Sun, 26 Jan 92 15:31:19 -0800
i agree with most arguments made here in the past few days and
have coded a few additional security things:
User-call setting is sort-a protected:
(i had this in my 0618 based stuff, but somehow got lost in the 1229 code :-) )
it does 2 checks:
A - there has to be at least one digit (0-9) in the name.
B - the name has to be settable as a call (it call setcall() )
if these 2 rules don't apply, ax.25 and netrom permissions are denied
no matter what the privs in ftpusers are.
This prevents users like 'doug' or 'johan' (no digit), or 'anonymous' (too long)
but does NOT prevent something like '4us' to go out as '4us-15' if permissions
are set such.
So be careful !
Additional mailbox privs:
NO_SENDCMD - disallow any mail other then to 'sysop' or 'SYSOP' to be send
NO_READCMD - disallow any message from being read
NO_3PARTY - disallow any 3rd party mail to be send..
These all have to be set to enable them, so you don't have to modify ftpusers
if you don't to mess with this
(see the readme.now for values, i can remember them ( i think 1024,2048 and 4096)
'netrom call' is changed to 'netrom mycall' per doug's good idea !
I added a simply 'cls' to clear the command-session screen.
Well, sources are on ucsd.edu as is the exe (wg7jsrc3 and wg7jnos3)
and suggestions, etc...