Opened 11 years ago

Closed 10 years ago

#38 closed enhancement (fixed)

Check Newsgroups header of cancel messages

Reported by: eagle Owned by: eagle
Priority: low Milestone: 2.5.1
Component: innd Version:
Severity: wishlist Keywords:
Cc:

Description

A patch from Christopher Biedl to alter ARTcancelverify to check whether at least one group in the cancel message can be found in article to be canceled.

Attachments (1)

verifycancel-newsgroups.patch (2.4 KB) - added by eagle 11 years ago.
Patch against INN 2.4.1

Download all attachments as: .zip

Change History (4)

Changed 11 years ago by eagle

Patch against INN 2.4.1

comment:1 Changed 11 years ago by Julien ÉLIE

Maybe this feature should be added to the check already done on Sender: and From: headers. (This patch currently removes that check.)

comment:2 Changed 10 years ago by Julien ÉLIE

Milestone: 2.5.1

According to RFC 5537 (USEPRO):

Contrary to RFC 1036 (Horton, M. and R. Adams, “Standard for interchange of USENET messages,” December 1987.), cancel control messages are not required to contain From and Sender header fields matching the target message. This requirement only encouraged cancel issuers to conceal their identity and provided no security.

The check done on Sender: and From: headers can therefore be removed.

comment:3 Changed 10 years ago by Julien ÉLIE

Resolution: fixed
Status: newclosed

(In [8564]) A patch from Christopher Biedl to alter ARTcancelverify
to check whether at least one group in the cancel message
can be found in the article to be cancelled.

The check for matching Sender: and From: headers is useless
and removed.

close #38

Note: See TracTickets for help on using tickets.