In message <199505012139.OAA11624@spray.usw.nps.navy.mil>,
Stefan Hudson writes:
>> You need to put somthing like:
>> # the safe locations for archive directories. This should be defined as
>> # a series of root anchored directory paths as will be used as prefixes
>> # to the file names specified to the archive2.pl script.
>> @archive_dirs = ( "$list_test", "$list_test2" );
>> in your majordomo.cf file.
>> You will need to define $list_test and $list_test2 to be the
>> absolute path of your LIST archive dir. You will need one of those
>> for every list you want to archive.
>Would there be a problem with making it so that the archive_dirs are treated
>as a PREFIX when checking for allowed directories? That way, if
>@archive_dirs = ( "/usr/local/majordomo/archive", );
>any subdirectory of /usr/local/majordomo/archive would be allowed for
>archiving. I modified archive2.pl to work like that, and it works well,
>but I was concerned about potential security problems. The advantage is
>that you don't need to modify majordomo.cf at all when adding a list.
Why not just do?
@archive_dirs = </spool/majordomo/archive/*>;
in majordomo.cf? Or a loop on opendir, readdir, closedir. Don't forget
the majordomo.cf file is perl code. There is nothing to prevent you
from doing commands in the code.
Senior Systems Administrator IDD Information Services
email@example.com Waltham, MA (617) 890-7227 x337
(617) 487-3937 (Direct)
Senior Systems Consultant (SERL Project) University of Massachusetts at Boston
firstname.lastname@example.org (preferred) Boston, MA, (617) 287-6480
My employers don't acknowledge my existence much less my opinions.