On Tue, 27 Jun 2000, Thom Fitzpatrick wrote:
> Date: Tue, 27 Jun 2000 12:51:13 -0700
> From: Thom Fitzpatrick <TFitzpa@smud.org>
> To: "'majordomo-patches@cloud.ccsf.cc.ca.us'"
<majordomo-patches@cloud.ccsf.cc.ca.us>
> Subject: "which" tricker?
>
>
> Is it still possible to trick majordomo into dumping all the addresses by
> submitting a "which @" command?
If you apply the attached patch that trick won't be possible;) The patched
Majordomo will require a valid Internet address as the argument of the
which command. The patch can also be downloaded from:
ftp://ftp.ccsf.org/majordomo-patches/1.94.5/majordomo.1
Regards,
Joe
--
_/ _/_/_/ _/ ____________ __o
_/ _/ _/ _/ ______________ _-\<,_
_/ _/ _/_/_/ _/ _/ ......(_)/ (_)
_/_/ oe _/ _/. _/_/ ah jjah@cloud.ccsf.cc.ca.us
# Which bug fix patch for Majordomo 1.94.5
# Joe R. Jah <jjah@ccsf.org>
# 30 June 2000
#
# This patch will close a hole in majordomo's which command; it will
# insist on a valid internet address as the argument of "which."
#
# To apply the patch:
#
# - Save the patch to a file on your Majordomo server.
# - Login as Majordomo user, (e.g. majordom.)
# - In Majordomo home run the following command:
#
# patch < /path/to/majordomo.1
#
*** majordomo.orig Thu Jan 13 09:29:31 2000
--- majordomo Fri Jun 30 20:55:43 2000
***************
*** 625,677 ****
sub do_which {
local($subscriber) = join(" ", @_) || &valid_addr($reply_to);
local($count, $per_list_hits) = 0;
! # Tell the requestor which lists they are on by reading through all
! # the lists, comparing their address to each address from each list
! print REPLY "The string '$subscriber' appears in the following\n";
! print REPLY "entries in lists served by $whoami:\n\n";
! opendir(RD_DIR, $listdir) || &abort("opendir failed $!");
! @lists = readdir(RD_DIR);
! closedir(RD_DIR);
! foreach (sort @lists) {
! /[^-_0-9a-zA-Z]/ && next; # skip non-list files (*.info, etc.)
! $list = $_;
! # get configuration info
! &get_config($listdir, $_) if !&cf_ck_bool($_, '', 1);
! # access check
! #
! next if ! &access_check("which", $reply_to, $listdir, $list);
! open(LIST, "$listdir/$list") ||
! &abort("Can't open list $listdir/$list");
! while (<LIST>) {
! if (! $approved
! && $max_which_hits
! && $max_which_hits < $per_list_hits) {
! print REPLY "Maximum number of hits ($max_which_hits) exceeded\n";
! last;
! }
! $_ = &chop_nl($_);
! if (&addr_match($_, $subscriber, 1)) {
! if ($count == 0) {
! printf REPLY "%-23s %s\n", "List", "Address";
! printf REPLY "%-23s %s\n", "====", "=======";
! }
! printf REPLY "%-23s %s\n", $list, $_;
! $count++;
! $per_list_hits++;
}
! }
! close(LIST);
}
- if ($count == 0) {
- print REPLY "**** No matches found\n";
- }
print REPLY "\n";
&log("which $subscriber");
return 1;
--- 625,679 ----
sub do_which {
local($subscriber) = join(" ", @_) || &valid_addr($reply_to);
local($count, $per_list_hits) = 0;
! if(! &valid_addr($subscriber)){
! # Tell the requestor which lists they are on by reading through all
! # the lists, comparing their address to each address from each list
! print REPLY "The string '$subscriber' appears in the following\n";
! print REPLY "entries in lists served by $whoami:\n\n";
! opendir(RD_DIR, $listdir) || &abort("opendir failed $!");
! @lists = readdir(RD_DIR);
! closedir(RD_DIR);
! foreach (sort @lists) {
! /[^-_0-9a-zA-Z]/ && next; # skip non-list files (*.info, etc.)
! $list = $_;
! # get configuration info
! &get_config($listdir, $_) if !&cf_ck_bool($_, '', 1);
! # access check
! #
! next if ! &access_check("which", $reply_to, $listdir, $list);
! open(LIST, "$listdir/$list") ||
! &abort("Can't open list $listdir/$list");
! while (<LIST>) {
! if (! $approved
! && $max_which_hits
! && $max_which_hits < $per_list_hits) {
! print REPLY "Maximum number of hits ($max_which_hits) exceeded\n";
! last;
! }
! $_ = &chop_nl($_);
! if (&addr_match($_, $subscriber, 1)) {
! if ($count == 0) {
! printf REPLY "%-23s %s\n", "List", "Address";
! printf REPLY "%-23s %s\n", "====", "=======";
! }
! printf REPLY "%-23s %s\n", $list, $_;
! $count++;
! $per_list_hits++;
! }
}
! close(LIST);
! }
! if ($count == 0) {
! print REPLY "**** No matches found\n";
! }
}
print REPLY "\n";
&log("which $subscriber");
return 1;
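Review bot: The new guard `if(! &valid_addr($subscriber)){` at the top of do_which looks inverted relative to the stated intent. valid_addr is not defined on this page, but the first line of the function uses its return value as the subscriber address, which suggests it returns a true value for a valid address; if so, the list scan now runs only when the argument is not a valid address. Confirm valid_addr's return convention and, if it returns true on success, write the guard as `if (&valid_addr($subscriber)) {`. When the argument is refused the requestor currently gets only a blank line, so an `else` branch such as `print REPLY "**** which requires a valid address\n";` would make the refusal explicit, and a test that sends `which @` and asserts no list entries appear in the reply would pin the fix. The closing brace of do_which lies outside the hunk.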