Great Circle Associates Majordomo-Users
(September 1994)

Subject: Re: The "Reply-To" header, Open subscription policy, and (un)subscribe requests
From: Brent@GreatCircle.COM (Brent Chapman)
Date: Fri, 16 Sep 1994 18:08:38 -0500
To: murphy@dccs.upenn.edu, majordomo-users@greatcircle.com

At 12:28 9/15/94 -0400, murphy@dccs.upenn.edu wrote:
>I just sent the following message and was able to unsubscribe a
>completely _different_ address (murphyl@pobox) than the address I sent
>it from (murphy@justdoit.dccs) from the list named "fresh", which has
>an open subscription policy (subscribe_policy = open).
>
>To: majordomo@lists
>Subject:
>Reply-to: murphyl@pobox.upenn.edu
>--text follows this line--
>unsubscribe fresh
>--lam
>
>This means that "open" is only slightly better than "auto" as a
>subscription policy, because using the "Reply-To" field, anyone can
>pretend to be anyone else!  Majordomo doesn't check Reply-To against
>"From " or "From:" to be sure they are the same.  I would've expected,
>with the Open policy, that it would have forwarded the request to the
>list owner for approval since Reply-To didn't match the real address
>from whence the request came.

And you think that "From:" does tell you where the mail really is from?
It can be faked just about as easily as "Reply-To:".

There is no authentication in standard Internet email; therefore, there
is no real security in Majordomo.  What "security" there is, is intended
to prevent folks from trivially making a nuisance of themselves.  It isn't
particularly strong, never has been, and was never intended to be.  See
the original Majordomo paper (available for anonymous FTP:
ftp://ftp.greatcircle.com/pub/majordomo/majordomo.paper.ps.Z) for a
complete discussion of this.

If folks want real security and authentication in Majordomo, somebody
should investigate integrating PGP support.

By the way, _I_ consider the ability to "fake out" Majordomo with a
"Reply-To:" header a feature, not a bug; I use it all the time.


-Brent

--
Brent Chapman         | Great Circle Associates  | Call or email for info about
Brent@GreatCircle.COM | 1057 West Dana Street    | upcoming Internet Security
+1 415 962 0841       | Mountain View, CA  94041 | Firewalls Tutorial dates
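Added example, not from the thread and not Majordomo's own code: a toy list-command handler that takes the requester's address from "Reply-To:" (falling back to "From:") with no cross-check, as the exchange above describes, so a constructed message with a forged Reply-To unsubscribes a different address under an "open" policy; beside it, the same handler under a confirmation-token policy that mails a random token to the affected address and acts only when that token comes back, which is what makes the request cost more than a forged header. The list name "fresh" is from the thread; the addresses, the "auth" command syntax, the class names and the token scheme are this example's assumptions.

```python
"""Toy Majordomo-style command handling (example code, not Majordomo's).

Shows why an address taken from mail headers proves nothing, and how a
confirmation token mailed to the affected address closes the hole.
"""
import hmac
import secrets
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the kind of request described in the thread.  The
# sender's From: and the Reply-To: name different addresses; the addresses
# themselves are placeholders, not ones from the original message.
FORGED_REQUEST = """\
From: requester@dept.example.edu
To: majordomo@lists.example.edu
Reply-To: victim@pobox.example.edu
Subject:

unsubscribe fresh
--lam
"""

# Constructed confirmation reply for the token policy (syntax is assumed here).
AUTH_REPLY = """\
From: victim@pobox.example.edu
To: majordomo@lists.example.edu
Subject:

auth {token} unsubscribe fresh victim@pobox.example.edu
"""

VERBS = ("subscribe", "unsubscribe", "auth")


def requester_address(msg):
    """Address the request is taken to come from: Reply-To: if present, else
    From:.  Neither header is authenticated, and nothing compares them."""
    return parseaddr(msg.get("Reply-To") or msg.get("From") or "")[1].lower()


def commands(msg):
    """Yield the word lists of lines that start with a known command verb."""
    for line in msg.get_payload().splitlines():
        words = line.split()
        if len(words) >= 2 and words[0].lower() in VERBS:
            yield words


class OpenPolicyList:
    """'open' policy: a request for the requester's own address is honoured at
    once; a request naming some other address goes to the owner."""

    def __init__(self, name, members):
        self.name = name
        self.members = set(a.lower() for a in members)
        self.owner_queue = []  # (verb, target, apparent requester)

    def handle(self, raw):
        msg = message_from_string(raw)
        who = requester_address(msg)
        for words in commands(msg):
            verb, listname = words[0].lower(), words[1]
            if verb == "auth" or listname != self.name:
                continue
            target = words[2].lower() if len(words) > 2 else who
            if target != who:
                self.owner_queue.append((verb, target, who))
            elif verb == "unsubscribe":
                self.members.discard(target)  # forged Reply-To lands here
            else:
                self.members.add(target)
        return who


class ConfirmPolicyList(OpenPolicyList):
    """Same handler, but every request is parked until a random token that was
    mailed to the *target* address comes back in an 'auth' command."""

    def __init__(self, name, members):
        super().__init__(name, members)
        self.pending = {}  # token -> (verb, target)
        self.outbox = []   # (recipient, token): mail the list would send

    def handle(self, raw):
        msg = message_from_string(raw)
        who = requester_address(msg)
        for words in commands(msg):
            if words[0].lower() == "auth":
                self.confirm(words)
                continue
            verb, listname = words[0].lower(), words[1]
            if listname != self.name:
                continue
            target = words[2].lower() if len(words) > 2 else who
            token = secrets.token_hex(16)  # unguessable, one per request
            self.pending[token] = (verb, target)
            self.outbox.append((target, token))  # only the target's mailbox sees it
        return who

    def confirm(self, words):
        """'auth TOKEN verb list address': apply the parked request only if the
        token matches (constant-time compare) and names the same action."""
        if len(words) != 5:
            return False
        token, verb, listname, target = words[1], words[2].lower(), words[3], words[4].lower()
        for known in list(self.pending):
            if listname == self.name and hmac.compare_digest(known, token) \
                    and self.pending[known] == (verb, target):
                del self.pending[known]
                (self.members.discard if verb == "unsubscribe" else self.members.add)(target)
                return True
        return False


if __name__ == "__main__":
    members = ["victim@pobox.example.edu", "requester@dept.example.edu"]
    open_list = OpenPolicyList("fresh", members)
    open_list.handle(FORGED_REQUEST)
    print("open policy, victim still subscribed:", "victim@pobox.example.edu" in open_list.members)
    confirm_list = ConfirmPolicyList("fresh", members)
    confirm_list.handle(FORGED_REQUEST)
    print("confirm policy, victim still subscribed:", "victim@pobox.example.edu" in confirm_list.members)
    print("token was mailed to:", confirm_list.outbox[0][0])
```

The open-policy handler is not a fix for anything; it is the behaviour the thread complains about, written out so the missing check is visible. The confirm-policy variant does not authenticate the sender either (it cannot, as Brent says, without something like PGP); it only moves the proof from a header anyone can type to possession of the target mailbox, which is the property an unsubscribe request actually needs.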