List-Managers: Re: Security Problems

List-Managers
(March 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Security Problems
From:	Alan Thew <Alan . Thew @ liverbird . liverpool . ac . uk>
Date:	Fri, 17 Mar 1995 03:23:18 +0000 (GMT)
To:	brian @ hyperreal . com (Brian Behlendorf)
Cc:	oceania @ enet . net, list-managers @ GreatCircle . COM
In-reply-to:	<Pine.BSI.3.91.950314132612.8740G-100000@taz.hyperreal.com> from "Brian Behlendorf" at Mar 14, 95 01:26:49 pm

In the last mail, Brian Behlendorf wrote:
> 
> On Tue, 14 Mar 1995, Eric Klien wrote:
> > I am working on changing the code of majordomo by hand to solve some 
> > major security problems with it.  The problems that I have are that 
> > 1) anyone can post to the list by sending e-mail to list-l-outgoing 
> > and 2) anyone can get a copy of the list by sending majordomo telnet 
> > client 25, expn listname-outgoing even if I disable the who command 
> > in majordomo.  
> > 
> > Can anyone give suggestions on solving the above problems?
> 
> Yes, rename the outgoing alias to something other than list-outgoing.  
> 
surely it's better to write the SMTP envelope with an address which
if mailed either goes to /dev/null or better to a person/robot. That's
how we run listproc (not how it was written though). This just
seems like a general point.


-- 
Alan Thew
alan.thew@liv.ac.uk   ...!uknet!liv!alan.thew   Tel: +44 151 794-4497
University of Liverpool, Computing Services     Fax: +44 151 794-4442

References:

Re: Security Problems
From: Brian Behlendorf <brian@hyperreal.com>

Indexed By Date	Previous:	Re: List abusers database From: James Cook <jcook@netcom.com>
Indexed By Date	Next:	Re: List abusers database From: alan@znyx.com (Alan Deikman)
Indexed By Thread	Previous:	Re: Security Problems From: Brian Behlendorf <brian@hyperreal.com>
Indexed By Thread	Next:	Security Problems continued From: Eric Klien <oceania@enet.net>