https://gitlab.synchro.net/main/sbbs/-/issues/831#note_7007

Holy cow! I can connect to any file area for any network my hub is carrying, how generous of them!

I'm sure that's not meant to happen and would call this quite a security hole. Any chance of a quick fix for this?

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/issues/831#note_7008

I don't think so quick fix or workaround until disable the filefix areas.
I think it is necessary to modify sbbsecho/tickitcfg/tickfix
Aside from the security issue, it bothers me that cross-access to areas between different FTN networks can be mixed.

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Holy cow! I can connect to any file area for any network my hub is carrying, how generous of them!

I'm sure that's not meant to happen and would call this quite a security

ole.

Any chance of a quick fix for this?

I noticed this a while back when some of the othernet nodes started pulling FIDO file echoes from here. With it being FIDO I didn't think too much of
it. However, some of the Othernet NCs might not like the idea of their
file echoes being carried by non-members.

I would be willing to try to assist in testing this one.


* SLMR 2.1a * "Television! Teacher, Mother, Secret Lover..." - Homer
---
þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Hey Mike!

On Thu, Apr 10 2025 09:25:00 -0500, you wrote:

I noticed this a while back when some of the othernet nodes started
pulling FIDO file echoes from here. With it being FIDO I didn't
think too much of it. However, some of the Othernet NCs might not
like the idea of their file echoes being carried by non-members.

I would be willing to try to assist in testing this one.

If you're running Synchronet as a hub for multiple networks, you need to create separate echolists for each network. You can export them from SCFG as 'backbone.na' format (I think that's the format that just shows the echotag and description). Then in echocfg, you have to set those as your "EchoLists" with a key and the associated node number. This way, only the echolist(s) with the group/keys your link is setup for, will be shown to them.

Most other tossers work like this in some form, also. However, sbbsecho requires you to manually setup your lists, instead of matching groups (groups in HPT is the same as keys for sbbsecho) and pulling from a config file for you, like HPT does.

It was definitely an eye opener when I saw it for the first time, too. ;)

Regards,
Nick

... Sarcasm: because beating people up is illegal.
---
ï¿­ Synchronet ï¿­ _thePharcyde telnet://bbs.pharcyde.org (Wisconsin)

Hey Accession!

On Thu, Apr 10 2025 17:53:35 -0500, you wrote:

Hey Mike!

On Thu, Apr 10 2025 09:25:00 -0500, you wrote:

It was definitely an eye opener when I saw it for the first time,
too. ;)

Sorry, I just realized file distribution may not have this same feature that echomail does.. since 'tickit' is somewhat of a separate entity. If it does, I don't know about it.

Regards,
Nick

... Sarcasm: because beating people up is illegal.
---
ï¿­ Synchronet ï¿­ _thePharcyde telnet://bbs.pharcyde.org (Wisconsin)

Re: Re: wishlist: tickfix restric
By: Accession to Mike Powell on Thu Apr 10 2025 05:53 pm

Most other tossers work like this in some form, also. However, sbbsecho requires you to manually setup your lists, instead of matching groups (groups in HPT is the same as keys for sbbsecho) and pulling from a config file for you, like HPT does.

How does HPT associate echoes with groups?
--
digital man (rob)

Rush quote #86:
Follow men's eyes as they look to the skies .. Jacob's Ladder
Norco, CA WX: 82.3øF, 27.0% humidity, 11 mph W wind, 0.00 inches rain/24hrs
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Accession wrote to All <=-

It was definitely an eye opener when I saw it for the first time,
too. ;)

Sorry, I just realized file distribution may not have this same feature that echomail does.. since 'tickit' is somewhat of a separate entity.
If it does, I don't know about it.

The file echos do not have this feature, and that is indeed what was
being asked about. We'd like to have "echolists" also for the file
areas (tickit/filefix).



... Gone crazy, be back later, please leave message.
--- MultiMail/Linux v0.52
þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL

I noticed this a while back when some of the othernet nodes started pulling FIDO file echoes from here. With it being FIDO I didn't
think too much of it. However, some of the Othernet NCs might not
like the idea of their file echoes being carried by non-members.

I would be willing to try to assist in testing this one.

Most other tossers work like this in some form, also. However, sbbsecho requires you to manually setup your lists, instead of matching groups (groups in HPT is the same as keys for sbbsecho) and pulling from a config file for you, like HPT does.

It was definitely an eye opener when I saw it for the first time, too. ;)

That is for the message echoes. I don't think the *file* echoes work that
way. If they do, it is not well documented (or wasn't the last time I
checked, which has been a while).


* SLMR 2.1a * Usually a man with flowers has deflowering in mind...
---
þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Mike Powell wrote to ACCESSION <=-

That is for the message echoes. I don't think the *file* echoes work
that way. If they do, it is not well documented (or wasn't the last
time I checked, which has been a while).

That is correct, the file echos do not have this feature, at this time.

Hopefully one day. ;-)



... Backup not found: (A)bort (R)etry (P)anic
=== MultiMail/Linux v0.52
--- SBBSecho 3.23-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (1:135/115)
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hey Digital!

On Thu, Apr 10 2025 19:09:31 -0500, you wrote:

How does HPT associate echoes with groups?

As far as I can tell, you specify your address in the main husky config file:

address 723:1/1

Then, I have an include file called "areas" which uses something like this before listing the Dovenet echos:

echoareadefaults -a 723:1/1 -g DOVE -lr 10 -lw 10 -dupecheck move -dupehistory 365 -tooold 30 -sbkeepall

While that's for HPT (echomail/netmail), it also works for HTICK with file areas, another include file here named htick_cfg (I didn't use "fileareadefaults" like I did with echoareadefaults when I made this years ago, so each 'filearea' line has the defaults in them:

filearea NODELIST /home/fido/files/nodelist -a 1:154/10 -d "ADM: Current Fidonet Nodelist in ZIP format" -g FN -lr 10 -lw 20 <links ...>

When I setup a link, I give them access to the group, ie:

accessgrp DOVE

Then, whatever magic happens in the background, when a link does an Areafix/Filefix request, it only displays message areas via Areafix (or file areas via Filefix) the link has access to, in this case only echos belonging to group DOVE would be displayed.

When I originally setup Synchronet as a hub system, I had read up on the "keys" options and figured you were doing the exact same thing. Then I realized I had to create separate lists for each network, which wasn't a hassle or anything, just not what I was used to.

Either way, I misread the OP and didn't realize it until I had already sent the message off. He was referring to hubbing/hosting file areas which doesn't seem to have similar options with the "Keys" keyword and same kind of setup, at the moment. To be honest, I've never setup hosted file areas on Synchronet, so I'm looking to learn something here, too. ;)

Regards,
Nick

... Sarcasm: because beating people up is illegal.
---
ï¿­ Synchronet ï¿­ _thePharcyde telnet://bbs.pharcyde.org (Wisconsin)

Hey Gamgee!

On Fri, Apr 11 2025 00:54:58 -0500, you wrote:

The file echos do not have this feature, and that is indeed what was
being asked about. We'd like to have "echolists" also for the file
areas (tickit/filefix).

Even better, there's echocfg, how about a 'filecfg' or something similar. Basically be able to setup hosting file areas the exact same way as message areas?

Regards,
Nick

... Sarcasm: because beating people up is illegal.
---
ï¿­ Synchronet ï¿­ _thePharcyde telnet://bbs.pharcyde.org (Wisconsin)

Hey Mike!

On Fri, Apr 11 2025 09:31:00 -0500, you wrote:

That is for the message echoes. I don't think the *file* echoes work that way. If they do, it is not well documented (or wasn't the last time I checked, which has been a while).

Correct, and as I'm sure you found out, I realized I wasn't on the same page as you *after* I hit save.. and corrected myself right away. ;)

Regards,
Nick

... Sarcasm: because beating people up is illegal.
---
ï¿­ Synchronet ï¿­ _thePharcyde telnet://bbs.pharcyde.org (Wisconsin)

Re: Re: wishlist: tickfix restric
By: Accession to Gamgee on Fri Apr 11 2025 06:30 pm

Hey Gamgee!

On Fri, Apr 11 2025 00:54:58 -0500, you wrote:

The file echos do not have this feature, and that is indeed what was being asked about. We'd like to have "echolists" also for the file
areas (tickit/filefix).

Even better, there's echocfg, how about a 'filecfg' or something similar. Basically be able to setup hosting file areas the exact same way as message areas?

I think that'd be tickitcfg.js.
--
digital man (rob)

Rush quote #10:
To you, is it movement or is it action? Is it contact or just reaction?
Norco, CA WX: 82.5øF, 24.0% humidity, 14 mph W wind, 0.00 inches rain/24hrs
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hey Digital!

On Fri, Apr 11 2025 19:55:01 -0500, you wrote:

Even better, there's echocfg, how about a 'filecfg' or something similar.
Basically be able to setup hosting file areas the exact same way as message
areas?

I think that'd be tickitcfg.js.

Ah ok. I didn't know that was a thing.

Does that mean you eventually plan on converting echocfg to JS also?

Regards,
Nick

... Sarcasm: because beating people up is illegal.
---
ï¿­ Synchronet ï¿­ _thePharcyde telnet://bbs.pharcyde.org (Wisconsin)

Accession wrote to Gamgee <=-

The file echos do not have this feature, and that is indeed what was
being asked about. We'd like to have "echolists" also for the file
areas (tickit/filefix).

Even better, there's echocfg, how about a 'filecfg' or something
similar. Basically be able to setup hosting file areas the exact same
way as message areas?

Nah, I'd pass on that to get the "FILELIST" functionality. The <..>cfg utilities are just front-ends to the config files, and not really
needed. I wouldn't even use that, as I just edit sbbsecho.ini manually
anyway as it is, rather than running echocfg. Editing tickit.ini is not difficult.




... So easy, a child could do it. Child sold separately.
--- MultiMail/Linux v0.52
þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL

Digital Man wrote to Accession <=-

The file echos do not have this feature, and that is indeed what was being asked about. We'd like to have "echolists" also for the file
areas (tickit/filefix).

Even better, there's echocfg, how about a 'filecfg' or something similar. Basically be able to setup hosting file areas the exact same way as message areas?

I think that'd be tickitcfg.js.

Yes, that's for editing tickit.ini, but we're hoping for a file-echo equivalent of the functionality of 'echolists' for message echos.
There are a couple of open feature requests on this... ;-)



... Gone crazy, be back later, please leave message.
--- MultiMail/Linux v0.52
þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL

Hey Gamgee!

At some point, you wrote:

Nah, I'd pass on that to get the "FILELIST" functionality. The <..>cfg utilities are just front-ends to the config files, and not really
needed. I wouldn't even use that, as I just edit sbbsecho.ini manually anyway as it is, rather than running echocfg. Editing tickit.ini is not
difficult.

Understood. I also had no idea there was already a front end to tickit.ini, either. So, I'm learning as I go here.

I've kind of meshed my hub operations with Synchronet in regards to file processing. The hub (husky) takes care of the TIC files, and Synchronet just adds them to the bbs with 'addfiles' even up to and including processing files.bbs. I set this all up long before 'tickit' and it's counterparts were around, so I'm paying attention to this discussion for a reason, as well as assuming incorrectly on a few things. :)

Regards,
Nick

... Sarcasm: because beating people up is illegal.
---
ï¿­ Synchronet ï¿­ _thePharcyde telnet://bbs.pharcyde.org (Wisconsin)

Re: Re: wishlist: tickfix restric
By: Accession to Digital Man on Fri Apr 11 2025 08:16 pm

Hey Digital!

On Fri, Apr 11 2025 19:55:01 -0500, you wrote:

Even better, there's echocfg, how about a 'filecfg' or something similar.
Basically be able to setup hosting file areas the exact same way as message
areas?

I think that'd be tickitcfg.js.

Ah ok. I didn't know that was a thing.

Does that mean you eventually plan on converting echocfg to JS also?

No. I didn't write tickit or tickitcfg. :-)
--
digital man (rob)

Rush quote #69:
He's a writer and a ranger, and a young boy bearing arms .. New World Man Norco, CA WX: 76.9øF, 44.0% humidity, 4 mph SSW wind, 0.00 inches rain/24hrs ---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

El 10/4/25 a las 19:53, Accession (VERT/PHARCYDE) escribió:

Hey Mike!

On Thu, Apr 10 2025 09:25:00 -0500, you wrote:

> I noticed this a while back when some of the othernet nodes started
> pulling FIDO file echoes from here. With it being FIDO I didn't
> think too much of it. However, some of the Othernet NCs might not
> like the idea of their file echoes being carried by non-members.

> I would be willing to try to assist in testing this one.

If you're running Synchronet as a hub for multiple networks, you need to create separate echolists for each network. You can export them from SCFG as 'backbone.na' format (I think that's the format that just shows the echotag and description). Then in echocfg, you have to set those as your "EchoLists" with a key and the associated node number. This way, only the echolist(s) with the group/keys your link is setup for, will be shown to them.

Most other tossers work like this in some form, also. However, sbbsecho requires you to manually setup your lists, instead of matching groups (groups in HPT is the same as keys for sbbsecho) and pulling from a config file for you, like HPT does.

It was definitely an eye opener when I saw it for the first time, too. ;)

Regards,
Nick

Hi! echos for message areas don't have the problem. This work fine with echolists . I already use it for each network

The issue is with the file areas.
These areas pusblished via filefix don't have "filelist's" like to
control what user can connecto to
---
ï¿­ Synchronet ï¿­ Dock Sud BBS TLD 24 HS - bbs.docksud.com.ar

El 11/4/25 a las 02:54, Gamgee (VERT/PALANTIR) escribió:

Accession wrote to All <=-

> It was definitely an eye opener when I saw it for the first time,
> too. ;)

Ac> Sorry, I just realized file distribution may not have this same feature
Ac> that echomail does.. since 'tickit' is somewhat of a separate entity.
Ac> If it does, I don't know about it.

The file echos do not have this feature, and that is indeed what was
being asked about. We'd like to have "echolists" also for the file
areas (tickit/filefix).

YEAH!
---
ï¿­ Synchronet ï¿­ Dock Sud BBS TLD 24 HS - bbs.docksud.com.ar

El 12/4/25 a las 00:52, Gamgee (VERT/PALANTIR) escribió:

Digital Man wrote to Accession <=-

> > The file echos do not have this feature, and that is indeed what was
> > being asked about. We'd like to have "echolists" also for the file
> > areas (tickit/filefix).

> Even better, there's echocfg, how about a 'filecfg' or something similar.
> Basically be able to setup hosting file areas the exact same way as message
> areas?

DM> I think that'd be tickitcfg.js.

Yes, that's for editing tickit.ini, but we're hoping for a file-echo equivalent of the functionality of 'echolists' for message echos.
There are a couple of open feature requests on this... ;-)

... Gone crazy, be back later, please leave message.
--- MultiMail/Linux v0.52
� Synchronet � Palantir BBS * palantirbbs.ddns.net * Pensacola, FL

I put some ideas at gitlab issue, i tink that is not hard to implement
with little mods of the code

https://gitlab.synchro.net/main/sbbs/-/issues/831
---
ï¿­ Synchronet ï¿­ Dock Sud BBS TLD 24 HS - bbs.docksud.com.ar

Ragnarok wrote to All <=-

El 12/4/25 a las 00:52, Gamgee (VERT/PALANTIR) escribi}|:

Digital Man wrote to Accession <=-

> > The file echos do not have this feature, and that is indeed what was
> > being asked about. We'd like to have "echolists" also for the file
> > areas (tickit/filefix).

> Even better, there's echocfg, how about a 'filecfg' or something

similar.

> Basically be able to setup hosting file areas the exact same way as

messag

e

> areas?

DM> I think that'd be tickitcfg.js.

Yes, that's for editing tickit.ini, but we're hoping for a file-echo equivalent of the functionality of 'echolists' for message echos.
There are a couple of open feature requests on this... ;-)

... Gone crazy, be back later, please leave message.
--- MultiMail/Linux v0.52
n.' Synchronet n.' Palantir BBS * palantirbbs.ddns.net * Pensacola, FL

I put some ideas at gitlab issue, i tink that is not hard to implement with little mods of the code

https://gitlab.synchro.net/main/sbbs/-/issues/831

Yep, hopefully this will get some love...! :-)



... Gone crazy, be back later, please leave message.
--- MultiMail/Linux v0.52
þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL