Maybe this has been fixed already? I'd never heard of it, and it does
sound scary, so I tried to replicate the behavior using several
configurations (which @, which "@", which \@, which "\@") with my
majordomo. But they all seemed to work ok, each time majordomo responded:
>>>> which @
The string '@' appears in the following
entries in lists served by Majordomo@cutter.com:
**** No matches found
I'm using Sendmail 8.8.5, majordomo 1.94.4 (rev 1.56).
At 04:32 PM 11/2/99 -0500, Kevin Merrill wrote:
>Need your expert help - I keep all of my lists set to "noadvertize" so
>that the lists I run will not be easily visible to those not subscrib'ed
>to my ists, but have recently found out that when a user sent my Majordomo
>server a "wh1ch @" command, he got back all e-mail addresses for all lists
>on my server,....seems like a HUGE security hole to me.
>Can anyone advise me on a way to prevent this command from working ??
>Thanks in Advance,