Great Circle Associates Majordomo-Users
(July 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: disable "who" command
From: Shawn Steele <shawn @ aob . org>
Date: Thu, 11 Jul 1996 13:11:13 -0600
To: Peter Strong <peter @ ttc . nbs . gov>, michael @ europa . com, homer @ lightlink . com
Cc: majordomo-users @ GreatCircle . COM
In-reply-to: peter@ttc.nbs.gov (Peter Strong)
References: <9607111829.AA00273@ps.gisd> 
> Even without the who command, a user could see the list of
> subscribers by connecting directly to the mail server and doing
> an expn command for the name of the list.  Perhaps this could 
> be prevented by having a relay mail server forward the mail from
> an externally visable machine to the machine with majordomo
> running.  But that would complicate things quite a bit.  You
> have to remember that Brent Chapman states over and over in the
> documentation that majordomo was not built with great security
> in mind.

Yea, but lots of such security minded people have disabled the EXPN
command.  Also that would require that the person knows the name of the
list, which may not be obvious if someone changed the -outgoing to
-myverysecretoutgoingclonething.

- shawn
References:
Indexed By Date Previous: Re: disable "who" command
From: "Homer W. Smith" <homer@lightlink.com>
Next: List owners
From: Slamin <slamin@cs.newcastle.edu.au>
Indexed By Thread Previous: Re: disable "who" command
From: "Homer W. Smith" <homer@lightlink.com>
Next: Re: disable "who" command
From: "J. Hopkinson" <J.F.L.Hopkinson@dl.ac.uk>
Google
 
Search Internet Search www.greatcircle.com