> Regarding the CERT security advisory, I was thinking about what
> other vulnerabilities majordomo might have.
> Correct me if I'm wrong, but the following would seem to me to
> be security vulnerabilities:
>
> 1) non-private mail lists, any user would be able to subscribe.
> 2) private mail lists, a user could masquerade as the owner of
> the list and subscribe themselves (via telnet to sendmail port).
>
> 3) with the above 2 in mind,
> thus be able to retrieve archives or digests of any list.
>
> Would this be true?
Just to clarify, CERT is concerned with system security. The ability to
subscribe to mailing lists and retrieve archives does not affect system
security.
The security hole which was recently plugged allowed users to run arbitrary
system commands as 'daemon', which could be used to subvert system security.
As for your concerns, it is quite true that a non-private list can be
subscribed to by anybody. That's the intent. If you don't want that,
make the list closed.
As for masquerading as the owner of the list, you need the list password to
do that. Telnetting to the sendmail port is not sufficient. In fact, there
really is no owner of the list, just people who have the "admin" password.
Have I misunderstood your concern?
With this in mind, don't make the list open if you don't want non-members
to access the archives. If the archives are really sensitive, you might
consider using some other means of distribution which is less automated.
Convenience and security are usually at odds....
--
Paul Close pdc@sgi.com ...!{ames, decwrl, uunet}!sgi!pdc
No fate but what we make
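The "closed list" setting Paul refers to, shown as an added illustration that is not part of the original thread: a Majordomo 1.x per-list config fragment with the open defaults beside the closed settings that restrict subscription and archive retrieval to the admin password and current members (key names and values are assumed from Majordomo 1.x's config format).

```text
# --- open defaults: anyone can subscribe and pull archives ---
subscribe_policy = open      # any address may subscribe itself
get_access       = open      # anyone may "get" archive/digest files
index_access     = open      # anyone may list the archive files
who_access       = open      # anyone may list the subscribers

# --- closed list: membership and archives gated by the admin password ---
subscribe_policy = closed    # subscribe requests need the list (admin) password
get_access       = list      # only current subscribers may "get" files
index_access     = list      # only current subscribers may "index" files
who_access       = list      # only current subscribers may see the member list
```

Note that this only gates the majordomo commands themselves; it does not protect archive files that are exported by some other path (FTP, web), which is the "other means of distribution" the reply alludes to.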