Jared:

> Hogwash.

Disagreed. (Obviously, or I would not have said what I said.)

> The possibility that a slash in an e-mail address can open a hole is
> entirely MTA-dependent.

Agreed.

> I am positive that my MTA doesn't have the bug;

Accepted for argument's sake.

> Majordomo shouldn't be enforcing policy decisions that I, as system
> manager, disagree with.

What about this is a policy decision? Do you believe that majordomo
_should_ allow attackers to circumvent normal security procedures on
some systems simply with a mailing list password which is sent in
plaintext over the Internet and is also stored in a file? I would
find it extremely fascinating to read a policy which demands that a
software package contain an unnecessary security hole.

If you don't have the particular '/' hole in your MTA, then I would
say that it is perfectly acceptable for you or a majordomo
configuration option to remove that particular check from
&valid_addr(). (Note, however, that other checks currently exist
there and more may be added in the future.)

I believe the definition of what a hostile address is could easily
change depending on the system. However, to entirely disable hostile
address checking simply because an email message contains a password
is an unacceptable practice in a mailing list software package.

The mailing list password exists to protect the mailing lists. The
hostile address check exists to protect the computer system. I say
again that these are two very different levels of security. This is
the entire foundation of my argument, and until you understand this
your counter-arguments will not convince me.

--
Eric.Hammond@sdrc.com 513/576-5907
Structural Dynamics Research Corporation
2000 Eastman Drive, Milford OH 45150 USA
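
The separation argued for in the message above, as an added Perl example that is not part of the original post and is not Majordomo's code: the list password overrides list policy only, while the hostile address check always runs and only its '/' test can be switched off per site. The names `hostile_reason`, `handle_subscribe` and `allow_slash_in_addr` are hypothetical, and the sample data is constructed.

```perl
#!/usr/bin/perl
# Added illustration; NOT Majordomo's source. All names are hypothetical.
use strict;
use warnings;

# Hypothetical site option: an administrator whose MTA is known to handle
# '/' safely may switch off that one check, and nothing else.
my %config = (allow_slash_in_addr => 0);

# System-level check. Returns a reason string if the address is hostile,
# or undef if it is acceptable. It never sees the list password.
sub hostile_reason {
    my ($addr) = @_;
    return "contains '/'"
        if !$config{allow_slash_in_addr} && $addr =~ m{/};
    # Further system-specific checks would be added here.
    return;
}

# List-level check. A valid password overrides list policy (here, a closed
# list) but cannot skip the system-level check, which runs first.
sub handle_subscribe {
    my ($list, $addr, $password) = @_;
    if (defined(my $why = hostile_reason($addr))) {
        return "REJECTED (hostile address: $why)";
    }
    my $approved = defined $password && $password eq $list->{password};
    return "REJECTED (closed list, no valid password)"
        if $list->{closed} && !$approved;
    return "SUBSCRIBED $addr";
}

# Constructed sample data.
my $list = { closed => 1, password => 'constructed-secret' };
my @requests = (
    ['user@example.com',      undef],
    ['user@example.com',      'constructed-secret'],
    ['/tmp/file@example.com', 'constructed-secret'],
);
for my $allow (0, 1) {
    $config{allow_slash_in_addr} = $allow;
    print "allow_slash_in_addr=$allow\n";
    for my $r (@requests) {
        my ($addr, $pw) = @$r;
        printf "  %-22s password=%-3s -> %s\n", $addr,
            (defined $pw ? 'yes' : 'no'), handle_subscribe($list, $addr, $pw);
    }
}
```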