Great Circle Associates Majordomo-Workers
(January 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: 1.93 security and bug fix release.
From: Michael Nelson <nelson @ seahunt . imat . com>
Date: Mon, 2 Jan 1995 17:44:54 -0800 (PST)
To: paulp @ primus . COM (Paul Phillips)
Cc: rouilj @ cs . umb . edu, majordomo-workers @ GreatCircle . COM
In-reply-to: <Pine.SUN.3.91.950102152213.11314A-100000@primus.com> from "Paul Phillips" at Jan 2, 95 03:27:40 pm
Reply-to: nelson @ seahunt . imat . com 
Paul Phillips wrote:
> 
> > there was a race condition in archive2.pl that
> > would allow any majordomo owned file to be appended to.
> 
> Quick note -- just so nobody underestimates the need to upgrade, it's 
> worse than a race condition.  Race conditions popped up in the 
> course of fixing it, but the hole that exists allows Bad Guys to modify 
> arbitrary majordomo-owned files, without racing to do so.

	If we don't want to upgrade the entire system, can we just drop
in the new archive2.pl over the old one?

	I'm hesitant to upgrade because of all the problems I had getting
1.92 running right..

-- 
Michael Nelson                          nelson@seahunt.imat.com
San Francisco, CA                           FAX: 1-415-621-2608
     
       www home page: http://seahunt.imat.com/nelson.html
Follow-Ups:
References:
Indexed By Date Previous: Re: 1.93 security and bug fix release.
From: "John P. Rouillard" <rouilj@cs.umb.edu>
Next: Re: 1.93 security and bug fix release.
From: Brent@GreatCircle.COM (Brent Chapman)
Indexed By Thread Previous: Re: 1.93 security and bug fix release.
From: "John P. Rouillard" <rouilj@cs.umb.edu>
Next: Re: 1.93 security and bug fix release.
From: "John P. Rouillard" <rouilj@cs.umb.edu>
Google
 
Search Internet Search www.greatcircle.com