Great Circle Associates Majordomo-Users
(October 1996)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Trusted user
From: Richard Pieri <ratinox @ unilab . dfci . harvard . edu>
Date: 15 Oct 1996 09:52:16 -0400
To: Majordomo-users @ GreatCircle . COM
In-reply-to: Julian Gordon's message of Mon, 14 Oct 1996 14:50:29 -0700 (PDT)
References: <199610142150.OAA08332@cds1004.Cadence.COM>

-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "JG" == Julian Gordon <julian@cadence.com> writes:

JG> Does anyone know of any risk to making majordom a trusted sendmail
JG> user?

There is no risk inherent in doing so.  All it does is allow the
majordomo user to "forge" mail headers -- notably the listname-owner
mailbox that is placed in the Sender header -- without generating
authentication warnings.  With the majordomo user in the trusted users
list, should someone gain access to the majordomo user account they will
be able to do likewise.  But making the majordomo user "trusted" will by
no means allow anyone access to the account.

If you are paranoid (which you should be) you could make the shell for
the account something which immediately terminates, like this little
shell script:

	#!/bin/sh
	echo "This account does not have interactive login privilege."
	exit 0

This means that only root will be able to create lists since only root
can chown the files appropriately, which is usually not a significant
problem since root has to edit /etc{/mail}/aliases to create the list
anyway.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMmOXEZ6VRH7BJMxHAQGGBwP7BHoigmqsE7Jf8vjTaWET0sXtPXq7ZcQp
jdj8zpvS7ZXUSWtq0ZmLGb/GhKoxitlvU9C3qyiioNYtEyaSn2Yf6Y7CuQWjeLro
CHWrtBB5f83I+8wNKQjP21QGC4/hHeW7Pr5SWvZlGLJH5JIU4Sv/A+iG+OfBKWCX
VmS3oypRgKE=
=QHZ2
-----END PGP SIGNATURE-----
-- 
Richard Pieri/Information Services \ When you go out in the world, remember:
<ratinox@unilab.dfci.harvard.edu>   \ being placed on a pedestal is a right,
http://www.dfci.harvard.edu/         \ not a priviledge! -A cat's guide to life


Follow-Ups:
References:
Indexed By Date Previous: Re: bus error in Majordomo 1.93 (error 138)
From: Dave Wolfe <dwolfe@risc.sps.mot.com>
Next: Re: Majordomo error codes
From: Tim Hogan <thogan@moon.jic.com>
Indexed By Thread Previous: Re: Trusted user
From: Jason L Tibbitts III <tibbs@hpc.uh.edu>
Next: Re: Trusted user
From: Dave Wolfe <dwolfe@risc.sps.mot.com>

Google
 
Search Internet Search www.greatcircle.com