Hugh Ferguson writes:
>If you do have a moderated list, users can subscribe and unsubscribe
>themselves, but if they were to subscribe or unsubscribe another user, an
>authoratative request would be sent to the list owner. So, if someone
>were to type
>subscribe mylist mylist-users
>
>the request should be forwarded to the list owner, providing that the
>list is set up correctly.
Unfortunately this is not the case. There is a loophole in Majordomo
which lets you subscribe and unsubscribe other addresses without their
consent, bypassing the approval process (for open lists). I have
complained about this is in the past, but the feeling seems to be that
this is a feature, not a bug, and it won't be fixed. However, it would
definitely be possible to crash a list in this way.
In my opinion this is the most serious problem with Majordomo, and one
of the items on my agenda is to learn enough perl to be able to hack it
so that at least the version that I use here will not be vulnerable.
--
Bill Silvert, Habitat Ecology Section, Bedford Institute of Oceanography,
P. O. Box 1006, Dartmouth, Nova Scotia, CANADA B2Y 4A2, Tel. (902)426-1577
HED runs a WWW server at URL=http://hed.bio.dfo.ca
|
|
