Subject: Re: misc/6882: /var/spool/news should be owned by
To: Geoff Wing <>
From: Andrew Brown <>
List: netbsd-bugs
Date: 01/27/1999 19:18:50
>They'd make the hierarchy required by their servers.  And since most
>probably need a setuid root daemon to bind to the nntp port, you'd have
>to install as root anyway so you'd have access to /var/spool/news

innd has an "inndhelper" program (the exact name of which escapes me
at this point in time.  startinnd perhaps?) that, when run as root,
does three things.

1) bind the nntp port (119).
2) lose privs.
3) exec innd and pass in the (already listening?) socket.

(i wonder if there are any exploits waiting to happen there... :)

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."