> >
> > Anybody have any idea what's going on?
>
> Did you look into the Perl code at all??
In fact, I didn't... In retrospect, I probably should have, but I likely
would have skipped right past and not noticed those options... :-)
> Putting such executables in the Majordomo dir to be invoked via
> wrapper is a potential security violation. Any local user could say
> "/path/to/wrapper mj_create" and the list would be created (without
> the Mj-owner's permission).
Although as it is at the moment, anybody can go to my majorcool page and
do the same thing... There's probably another config option to ask for a
username and password before accessing certain modules of MajorCool,
but I havn't found that yet either... :-)
> Therefore, all the above scripts do some euid/egid checking to make
> sure that only certain people can invoke the script. Those users
> (and groups) are defined in lines 4 & 5. Update as appropriate.
Thanks for the help, as always.
-Matt-
Follow-Ups:
References:
|
|
