Great Circle Associates Majordomo-Workers
(January 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: 1.93 security and bug fix release.
From: Paul Phillips <paulp @ primus . COM>
Date: Mon, 2 Jan 1995 15:27:40 -0800 (PST)
To: "John P. Rouillard" <rouilj @ cs . umb . edu>
Cc: majordomo-workers @ GreatCircle . COM
In-reply-to: <199501022251.AA16619@cs.umb.edu> 


On Mon, 2 Jan 1995, John P. Rouillard wrote:

> there was a race condition in archive2.pl that
> would allow any majordomo owned file to be appended to.

Quick note -- just so nobody underestimates the need to upgrade, it's 
worse than a race condition.  Race conditions popped up in the 
course of fixing it, but the hole that exists allows Bad Guys to modify 
arbitrary majordomo-owned files, without racing to do so.

--
Paul Phillips                                 EMAIL: paulp@primus.com
Primus Consulting                             PHONE: (619) 220-0850      
WWW: http://www.primus.com/staff/paulp/         FAX: (619) 220-0873
Follow-Ups:
References:
Indexed By Date Previous: 1.93 security and bug fix release.
From: "John P. Rouillard" <rouilj@cs.umb.edu>
Next: Re: 1.93 security and bug fix release.
From: "John P. Rouillard" <rouilj@cs.umb.edu>
Indexed By Thread Previous: 1.93 security and bug fix release.
From: "John P. Rouillard" <rouilj@cs.umb.edu>
Next: Re: 1.93 security and bug fix release.
From: "John P. Rouillard" <rouilj@cs.umb.edu>
Google
 
Search Internet Search www.greatcircle.com