On Mon, 3 Sep 2001, Daniel Liston wrote:
> Date: Mon, 03 Sep 2001 01:16:15 -0500
> From: Daniel Liston <dliston@netscape.com>
> To: Joe R. Jah <jjah@cloud.ccsf.cc.ca.us>
> Cc: Majordomo-Users <majordomo-users@GreatCircle.COM>
> Subject: Re: Master password file was: (Quickie)
>
> "Joe R. Jah" wrote:
> >
> > On Fri, 31 Aug 2001, Dan Liston wrote:
> >
> > > By old functionality, I am referring to the listname.passwd file getting
> > > written to. Being someone that still uses the deprecated listname.passwd
> > > file, and not for the "master password", I can have the best of both worlds
> > > by adding a "newpasswd" command that does what the old "passwd" command did
> > > pre-passwd.0 patch.
> >
> > That's really not a functionality, but a procedure. What is your purpose
> > in writing to listname.passwd file? What do you get out of it? Let me
> > try to explain why that procedure is deprecated:
> >
> > After receiving the command:
> >
> > passwd <listname> <oldpass> <newpass>
> >
> > Majordomo uses valid_passwd function in majordomo.pl to verify <oldpass>.
> > That function checks BOTH the contents of listname.passwd and the value of
> > admin_passwd in listname.config. Anyone who knows one of the passwords
> > can change them both, and has full access to the entire list, so you can
> > not delegate control to some of your lists without giving away full
> > control to all of your lists;(
>
> This is not exactly true. It assumes that the listname.passwd file is being
> used as a link to a master password for all lists, rather than just one. Also
> consider, that unless a "newpasswd" command is issued, the listname.passwd
> file would never exist. Once the file is created, there is still the extra
> work of removing the password from the .config file, and the awareness to
> leave it blank in the future.
I merely illustrated the hole in the "functionality" published in the FAQ:
----------------------------------8<--------------------------------------
3.8 - What are all these different passwords?
Think of three separate passwords:
1. A master password that can be used by both resend and majordomo
contained in [listname].passwd. To be used by the master list
manager when using writeconfig commands etc. This allows someone
who handles a number of mailing lists to use the same password for all of them.
This is also a "backup password" in case the .config file gets
corrupted.
...
----------------------------------8<--------------------------------------
> > Most list owners forget, or don't know, that they have passwords in two
> > files; they change a compromised password in one file, without realizing
> > that the old password would still be as valid as ever. They'll have to
> > change the password in both files; more chores;( Allowing list owners to
> > write to listname.passwd files creates more problems than it solves.
>
> True, list-owners must be "aware", and you make an excellent point regarding
> compromised security. I also had not considered users having no way to get
> rid of the file once it is created, without majordomo-owner intervention.
> The more I think about the extra hassle involved, the more I think I should
> just enjoy the passwd.0 patch.
>
> > You won't get any benefit from the "old functionality" other than a backup
> > password file, in case you ruin your list.config file by using a poor mail
> > program, or simply being careless;) Remember, there is always a Majordomo
> > owner at your service;^) List owners remember that before any password in
> > any file;))) Thanks to Bill Houle, there is also Majorcool. Your list
> > owners will be grateful not having to deal with the scary proposition of
> > editing their configuration files and mailing them;)
>
> You have convinced me not to try/do what I was going to. I have seen the
> error of my ways. :)
It's time for a new point-release;)
Regards,
Joe
--
Joe Jah  jjah@cloud.ccsf.cc.ca.us
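The check Joe describes above (valid_passwd accepting a password that matches either the contents of listname.passwd or admin_passwd in listname.config) is what makes "change the compromised password in one file" insufficient. The following is an added model of that behaviour written for this thread; it is not code from majordomo.pl, and the file formats (a one-line listname.passwd, "key = value" lines in listname.config), the sample contents and the function names are assumptions made for the illustration. It shows the two-source check next to a single-source check, and a rotation scenario in which the old password keeps working after only the .config copy was changed.

```python
"""Model of Majordomo 1.x's two-source list password check.

Added illustration for this thread, not code from majordomo.pl.  The only
behaviour taken from the thread is that valid_passwd accepts a password that
matches EITHER the contents of listname.passwd OR admin_passwd in
listname.config.  File formats and function names are assumed for the example.
"""
import re
from hmac import compare_digest
from typing import Optional

# Constructed sample files.  Assumed formats: listname.passwd holds the password
# on its first non-empty line; listname.config uses "key = value" lines.
SAMPLE_PASSWD = "shared-master\n"
SAMPLE_CONFIG = """\
# constructed listname.config fragment
admin_passwd        =   shared-master
moderate            =   no
"""


def passwd_file_password(text: str) -> Optional[str]:
    """Password stored in listname.passwd, or None if the file is empty/missing."""
    for line in text.splitlines():
        if line.strip():
            return line.strip()
    return None


def config_admin_passwd(text: str) -> Optional[str]:
    """Value of admin_passwd in listname.config, or None if unset or blank."""
    for line in text.splitlines():
        m = re.match(r"^\s*admin_passwd\s*=\s*(.*?)\s*$", line)
        if m:
            return m.group(1) or None
    return None


def _matches(candidate: str, stored: Optional[str]) -> bool:
    # Constant-time compare; an empty or missing stored password never matches.
    return bool(stored) and compare_digest(candidate.encode(), stored.encode())


def valid_passwd_legacy(candidate: str, passwd_text: str, config_text: str) -> bool:
    """Deprecated behaviour described in the thread: either source is sufficient."""
    return (_matches(candidate, passwd_file_password(passwd_text))
            or _matches(candidate, config_admin_passwd(config_text)))


def valid_passwd_single_source(candidate: str, config_text: str) -> bool:
    """Post-passwd.0 model: only admin_passwd in listname.config is consulted."""
    return _matches(candidate, config_admin_passwd(config_text))


def rotate_admin_passwd(config_text: str, new_password: str) -> str:
    """Rewrite the admin_passwd line, as a 'passwd' command would in .config."""
    out, done = [], False
    for line in config_text.splitlines():
        if re.match(r"^\s*admin_passwd\s*=", line):
            out.append(f"admin_passwd = {new_password}")
            done = True
        else:
            out.append(line)
    if not done:
        out.append(f"admin_passwd = {new_password}")
    return "\n".join(out) + "\n"


def old_password_survives_rotation(old: str, new: str,
                                   passwd_text: str, config_text: str) -> bool:
    """The pitfall from the thread: the owner rotates the compromised password
    in listname.config only.  True if the OLD password still opens the list."""
    rotated = rotate_admin_passwd(config_text, new)
    return valid_passwd_legacy(old, passwd_text, rotated)


if __name__ == "__main__":
    rotated = rotate_admin_passwd(SAMPLE_CONFIG, "fresh")
    legacy = valid_passwd_legacy("shared-master", SAMPLE_PASSWD, rotated)
    single = valid_passwd_single_source("shared-master", rotated)
    print(f"after rotating .config only: legacy accepts old password={legacy}, "
          f"single-source accepts old password={single}")
```

The rotation scenario is the one from the thread: both copies start out identical, the owner changes the copy in listname.config, and the legacy check still accepts the old value because listname.passwd was never touched. With a single source of truth the same rotation closes the hole.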