Great Circle Associates Majordomo-Users
(May 1993)
 


Subject: Majordomo ?insecurity
From: Tony Martindale <Tony . Martindale @ vuw . ac . nz>
Date: Wed, 12 May 1993 13:24:23 +1200
To: brent @ GreatCircle . COM
Cc: dhesi @ rahul . net, majordomo-users @ GreatCircle . COM
In-reply-to: Brent Chapman's message of Mon, 10 May 93 11:31:36 -0700 <9305101831.AA21467@mycroft.GreatCircle.COM>


   Date: Mon, 10 May 93 11:31:36 -0700
   From: Brent Chapman <brent@greatcircle.com>
   Sender: Majordomo-Users-Owner@greatcircle.com

   [stuff deleted]

   I figured somebody would find a security bug like this at some point;
   that's one reason that I recommend setting up a separate UID and GID
   for Majordomo, to limit the potential for destruction.

 Good quality insurance.

   [more stuff deleted]

   If you're worried about this, you could just comment out the code that
   checks for the "-C" flag or the MAJORDOMO_CF environment variable
   (approximately lines 28-36 in majordomo; note that bounce-remind,
   request-answer, and resend all include that same code fragment and are
   thus also all susceptible to this same problem).

   I just realized that the MAJORDOMO_CF environment variable won't work
   any more anyway, since "wrapper" creates a virgin environment before
   running any program...

 What I've done is built the MAJORDOMO_CF environment variable into
the "virgin environment" (in the same way as BIN, PATH, etc) created by
the wrapper program.  Ripping out the "-C" flag checks in the
majordomo programs and this change eliminates that hole (roll on
others:), but if you run a multiple config file set up you would have
to build separate wrapper programs for each config file - probably not
a bad idea anyway.

 However, as you say, a "taintperl clean" majordomo would be a better
solution.

 Here are the patches for wrapper.c and Makefile respectively:

56,63c56,60
<     HOME,            /* 0 */
<     PATH,            /* 1 */
<     SHELL,           /* 2 */
< #ifdef MAJORDOMO_CF
<     MAJORDOMO_CF,    /* 3 */
< #endif
<     0,               /* possibly for USER or LOGNAME */
<     0,               /* possible for LOGNAME */
---
>     HOME,     /* 0 */
>     PATH,     /* 1 */
>     SHELL,    /* 2 */
>     0,                /* 3; possibly for USER or LOGNAME */
>     0,                /* 4; possible for LOGNAME */
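
Review bot: the diff direction looks reversed. In this hunk the "<" (first-file) lines carry the new "#ifdef MAJORDOMO_CF" entry and the ">" lines are the ones without it, so applied as-is it removes the change the message describes. Regenerate it as "diff old new", or say that it has to be applied with "patch -R". The slot-number comments ("3;", "4;") have also been dropped from the two trailing "0," entries on the MAJORDOMO_CF side; keeping them, with the numbers for both cases, would make the later "e = 4" easier to check.
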
99,101d95
< #ifdef MAJORDOMO_CF
<     e = 4; /* the first unused slot in new_env[] */
< #else
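
Review bot: "e = 4" at line 99 hard-codes the number of fixed entries in new_env[], so it goes stale as soon as another fixed entry is added to the table or the #ifdef block there changes. Derive the index from the table (for example, scan to the first 0 slot) or at least tie the constant to the MAJORDOMO_CF slot in the comment. The #else branch and the array terminator are not visible in these lines, so please confirm that new_env[] still ends in a null entry when both USER and LOGNAME are filled in after slot 3.
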
103d96
< #endif


54d53
< W_MAJORDOMO_CF=/etc/majordomo.cf
58,59c57
<       -DHOME=\"HOME=${W_HOME}\" -DSHELL=\"SHELL=${W_SHELL}\" \
<       -DMAJORDOMO_CF=\"MAJORDOMO_CF=${W_MAJORDOMO_CF}\"
---
>       -DHOME=\"HOME=${W_HOME}\" -DSHELL=\"SHELL=${W_SHELL}\"
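
Review bot: W_MAJORDOMO_CF at line 54 is set unconditionally and always passed as -DMAJORDOMO_CF, so with this Makefile the "#ifdef MAJORDOMO_CF" in wrapper.c is never false, and every config file needs its own wrapper built with a different W_MAJORDOMO_CF. A comment next to W_MAJORDOMO_CF saying so would help. The patch also covers only wrapper.c and the Makefile: the removal of the "-C" checks in majordomo, bounce-remind, request-answer and resend, which the fix depends on, is not included.
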



Tony Martindale                    Computing Services Centre,
phone: +64 4 495 5051              Victoria University of Wellington,
fax:   +64 4 471 5386              P.O. Box 600, Wellington, NEW ZEALAND.
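
The approach described in the message above (fixed variables compiled into the wrapper's clean environment, so a caller-supplied MAJORDOMO_CF never reaches the programs it runs), as an added example that is not part of the original post and is not the Majordomo wrapper.c source. The HOME, PATH and SHELL values, the function names, the USER/LOGNAME pass-through rule and the sample caller environment are assumptions; /etc/majordomo.cf is the W_MAJORDOMO_CF value from the Makefile diff.

```c
#include <stdio.h>
#include <string.h>

/* Added sketch, not Majordomo's wrapper.c. /etc/majordomo.cf is W_MAJORDOMO_CF
   from the Makefile diff; the other three values are assumed. */
static const char *const fixed_env[] = {
    "HOME=/usr/local/majordomo", "PATH=/bin:/usr/bin", "SHELL=/bin/sh",
    "MAJORDOMO_CF=/etc/majordomo.cf",
};
static const char *const passthrough[] = { "USER", "LOGNAME" };
#define N_FIXED (sizeof fixed_env / sizeof fixed_env[0])
#define N_PASS  (sizeof passthrough / sizeof passthrough[0])
#define ENV_SLOTS (N_FIXED + N_PASS + 1)   /* +1 for the NULL terminator */

/* Return the value part if entry is "NAME=value", else NULL. */
static const char *value_of(const char *entry, const char *name) {
    size_t n = strlen(name);
    return (strncmp(entry, name, n) == 0 && entry[n] == '=') ? entry + n + 1 : NULL;
}

/* Return the value of NAME in a NULL-terminated env array, or NULL. */
const char *env_lookup(const char *const env[], const char *name) {
    const char *v = NULL;
    for (size_t i = 0; env[i] && !v; i++)
        v = value_of(env[i], name);
    return v;
}

/* Fixed entries first, then the first USER and LOGNAME from the caller;
   everything else the caller set is dropped. Returns the entry count. */
size_t build_clean_env(const char *const caller[], const char *out[]) {
    size_t e = 0;
    for (size_t i = 0; i < N_FIXED; i++)
        out[e++] = fixed_env[i];           /* e follows the table size */
    for (size_t j = 0; j < N_PASS; j++)
        for (size_t i = 0; caller[i]; i++)
            if (value_of(caller[i], passthrough[j])) {
                out[e++] = caller[i];
                break;
            }
    out[e] = NULL;                         /* execve() needs the terminator */
    return e;
}

static const char *const sample_caller[] = {   /* constructed input */
    "MAJORDOMO_CF=/tmp/other.cf", "USER=tony", "IFS=x", "USER=root", NULL };
const char *demo_lookup(const char *name) {
    static const char *env[ENV_SLOTS];
    build_clean_env(sample_caller, env);
    return env_lookup(env, name);
}
int main(void) { puts(demo_lookup("MAJORDOMO_CF")); return 0; }
```

Because the fixed entries are written before anything is copied from the caller, the index of the first free slot comes from the table size rather than from a constant that has to be kept in step with an #ifdef.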


