Brent Chapman <brent@mycroft.GreatCircle.COM> writes:
# Just a couple of notes about running Majordomo with the new "smrsh"
# security fix for Sendmail.
# Second, if you're using the backquoting trick for long "resend"
# arguments that I posted here a few weeks ago, you'll either need
# to give up the trick, or modify your version of "smrsh" _not_ to
# look for "`" in the list of "SPECIAL" characters. As a reminder,
# the "backquoting trick" was to set your aliases up like this:
# my-list: "|/usr/local/mail/majordomo/wrapper resend
# `/bin/cat /usr/local/mail/lists/my-list.resend`
# and put all the arguments to resend in the "my-list.resend" file,
# instead of putting all the arguments to resend in the "aliases" entry
# (because the aliases entry has a 256 byte limit, and it's real easy to
# exceed that with lots of arguments to resend).
VERY BAD IDEA!!! Sorry I even suggested it without thinking it all the
way through in light of the latest round of Sendmail bugs. I hope none
of you have actually done it yet, or if you have, that it hasn't caused
you any security problems...
I've modified my version of "resend" so that, instead of using "/bin/cat"
and backquotes to read the file full of flags, you can say "@filename".
I.e., the example above becomes:
my-list: "|/usr/local/mail/majordomo/wrapper resend
This means that you DON'T have to remove "`" from the list of special
characters that smrsh checks for, and that's a good thing.
Since I never mentioned the backquote trick in any of the released
documentation or examples (only in postings here on Majordomo-Users),
I'm not going to release a whole new Majordomo package right now with
this new version of "resend". If you _were_ using the trick, though,
and you want the new version of "resend", it is available for anonymous
FTP from FTP.GreatCircle.COM, file "pub/majordomo/resend.1.19.shar".
Brent Chapman Great Circle Associates
Brent@GreatCircle.COM 1057 West Dana Street
+1 415 962 0841 Mountain View, CA 94041