Do not attempt to run anonysrv on the internet

AnonyNews is not intended to be a secure system. By its very nature it must allow any user to connect without authentication. However, some things have been done to try to prevent major disasters.

The program anonysrv will su to the owner as soon as it is run. This means even if it is started by root, it will drop to the user anonyuse(set up on installation). This user will have whatever the default permissions are for new users, which are usually very limited. This means that if someone connects and manages to make the stack overflow and then a program to run, it will still only have limited permissions.

The server will fork every time a request is made to connect. If it fails to receive data after a certain time, the new process will exit. This stops zombie processes hanging around.

There is a maximum size to a message, set by default to 2k. After the server has received the full number of bytes it simply disconnects.

The server will almost certainly fail if too many people try to connect at once. However, I have no idea how many it can cope with, as it will depend on the system it is running on. Since the Client only tries to connect when reading headers, sending a message or reading a message, it will not matter how long a Client is left running, but only the use it actually receives.