Great Circle Associates Majordomo-Users
(April 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Security hole?
From: James Cook <jcook @ netcom . com>
Date: Wed, 20 Apr 1994 10:26:16 -0700 (PDT)
To: Paul Crossman <pcrossma @ avid . com>
Cc: "Jonathan B. Horen" <horen @ applicom . co . il>, majordomo-users @ GreatCircle . COM
In-reply-to: <199404201556.AA1778620650@avid.avid.com>


On Wed, 20 Apr 1994, Paul Crossman wrote:

> >and they're "in", at least, as far as posting email is concerned,
> >via SMTP (Simple Mail-Transport Protocol).  They can't delete or
> >edit anything, but they *can* post mail to anybody, anywhere,
> >using any name they wish.
> >
> >So, using this command Joe Joker can enter, and then set
> >MAIL FROM: your_name
> >RCPT TO: your_list_alias
> >DATA: .....
> 
> Another free consult for the list...
> 
> You can get around this by installing tcp_wrappers and wrapping sendmail.  Mail
> will not go out instantly, but outside users can't play with your sendmail port
> either.
> 

If it is that easy to post to a private list, then is it also 
easy/possible for these non members to READ the list traffic/messages? 

James



Follow-Ups:
References:
Indexed By Date Previous: Re: Security hole?
From: James Cook <jcook@netcom.com>
Next: Re: Security hole?
From: "Michael J. Corrigan" <corrigan@ucsd.edu>
Indexed By Thread Previous: Re: Security hole?
From: David Barr <barr@pop.psu.edu>
Next: Re: Security hole?
From: "Michael J. Corrigan" <corrigan@ucsd.edu>

Google
 
Search Internet Search www.greatcircle.com