Zephyr configuration change required

If you are getting the URL to this page instead of your zephyrs, it means that your client uses the zephyr “default format” functionality. This functionality has been deprecated and is extremely insecure.

For most users, this can be fixed by running mv ~/.zwgc.desc ~/.zwgc.desc.old and restarting zwgc.

---

Zephyr contains a mechanism whereby a message can contain its own formatting. Unfortunately, this has some issues:

• The format includes such things as displaying the username, class, and instance. Even authenticated zephyrs can have a format that falsely claims someone else’s username.
• The default format is part of the zephyr headers, which is extremely space-constrained. We would like to remove the default format, but we can’t do so until no more clients use it.

The default format has not been used in most clients for several years (Athena zwgc stopped using it in 2000, for example). If you have extremely old client configuration, you may need to fix this.

Fixing this for zwgc

If you have not intentionally customized your zwgc.desc, just run the following command:

mv ~/.zwgc.desc ~/.zwgc.desc.old

and restart your client. This will use the system zwgc.desc, which is probably several years newer.

If you know you have customized your zwgc.desc, look for code that looks like this:

	print "(Authentication: @bold("+$aval+") from host: "+$fromhost+")\n"
	print substitute($default)
	put
	exit

Replace it with something like this:

  if (downcase($class) == "filsys" and downcase($opcode) == "shutdown") then
    set format = "From $sender:\n@bold(Shutdown message from $1 at $time)\n"+
      "@center(System going down, message is:)\n\n$2\n\n@center(@bold($3))"
  elseif (downcase($class) == "filsys") then
    set format = "@bold(Filesystem Operation Message for $instance:)\n"+
      "From: @bold($sender) at $time $date\n$message"
  elseif (downcase($class) == "mail" and downcase($instance) == "popret") then
    set format = "You have new mail:\n\nFrom: $1\nTo: $2\nSubject: $3"
  elseif (downcase($class) == "mail") then
    set format = "From Post Office $1:\n$2"
  elseif (downcase($class) == "syslog") then
    set format = "From $sender:\nSyslog message from $instance, level "+
      "$opcode:\n$message"
  elseif ($number_of_fields == "1") then
    set format = "Class $class, Instance $instance:\nTo: @bold($recipient) "+
      "at $time $date\nFrom: @bold($sender)\n\n$message"
  else
    set format = "Class $class, Instance $instance:\nTo: @bold($recipient) "+
      "at $time $date\nFrom: @bold($1) <$sender>\n\n$2"
  endif

  print "(Authentication: @bold("+$aval+") from host: "+$fromhost+")\n"
  print substitute($format)
  put
  exit

(taken from a recent /etc/zephyr/zwgc.desc)

Other clients

Please ask -c help -i zephyr on the ATHENA realm.

Copyright

The zwgc.desc snippets are taken from Zephyr, released under the MIT license. This article is copyright 2011, 2013 Geoffrey Thomas and released under the same terms.