Great Circle Associates Majordomo-Workers
(January 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: 1.93 security and bug fix release.
From: Brent @ GreatCircle . COM (Brent Chapman)
Date: Mon, 2 Jan 1995 23:35:36 -0800
To: nelson @ seahunt . imat . com, paulp @ primus . COM (Paul Phillips)
Cc: rouilj @ cs . umb . edu, majordomo-workers @ GreatCircle . COM 
At 17:44 1/2/95, Michael Nelson wrote:
>Paul Phillips wrote:
>>
>> > there was a race condition in archive2.pl that
>> > would allow any majordomo owned file to be appended to.
>>
>> Quick note -- just so nobody underestimates the need to upgrade, it's
>> worse than a race condition.  Race conditions popped up in the
>> course of fixing it, but the hole that exists allows Bad Guys to modify
>> arbitrary majordomo-owned files, without racing to do so.
>
>        If we don't want to upgrade the entire system, can we just drop
>in the new archive2.pl over the old one?

While the race condition originally came to light in archive2.pl, similar
problems were found in many of the other programs, so I'd say simply replacing
archive2.pl isn't going to be enough.


-Brent

--
Brent Chapman         | Great Circle Associates  | Call or email for info about
Brent@GreatCircle.COM | 1057 West Dana Street    | upcoming Internet Security
+1 415 962 0841       | Mountain View, CA  94041 | Firewalls Tutorial dates
Indexed By Date Previous: Re: 1.93 security and bug fix release.
From: Michael Nelson <nelson@seahunt.imat.com>
Next: Re: 1.93 security and bug fix release.
From: "John P. Rouillard" <rouilj@cs.umb.edu>
Indexed By Thread Previous: Re: 1.93 security and bug fix release.
From: "John P. Rouillard" <rouilj@cs.umb.edu>
Next: Re: [majordomo-workers] 1.93 security and bug fix release.
From: "John P. Rouillard" <rouilj@cs.umb.edu>
Google
 
Search Internet Search www.greatcircle.com