Jason L Tibbitts III wrote:
> NP> which .
>
> Read majordomo.cf and understand $max_which_hits. which is a useful
> command for people who are trying to unsubscribe themselves but don't know
> exactly which address they are subscribed under, and restricting it (even
> to just list members) should be done with much thought.
Indeed I go on to mention max_which_hits in my original mail.
> Please try to understand the configuration options you have before you yell
> "security hole". We have done some thinking on the matter.
Didn't say you hadn't, nor did I yell. It is still a POTENTIAL security hole
for the sole reason that this behaviour is not made clear to people
installing and more importantly, using majordomo. The posting to
majordomo-workers was more for information. I'm principally worried about
majordomo list owners who have no control over and do not even get
sight of majordomo.cf - where the problem is identified. The only thing
a list owner can do is set which_access to be as strict as who_access -
hence my warning.
I hope that makes my intentions clear.
Nick
--
Nick Perry | AboarD Boats & Yachts Market Ltd
Webmaster Manager | 7a Fernshaw Road, LONDON, SW10 0TB. UK
Mobile: +44 (0)973 566204 | Tel: +44 (0)171 460 0030 Fax: 0040
| http://www.aboard.co.uk
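
An added example, not part of the original message or of Majordomo itself: a check a site administrator could run over per-list config text to flag lists whose which_access is looser than who_access. It assumes the `keyword = value` list config layout with `open`/`list`/`closed` values and `keyword << TAG` multi-line values, and assumes an absent keyword behaves as `open`; the sample configs are constructed.

```python
import re

# Strictness order for the per-list access keywords: open < list < closed.
RANK = {"open": 0, "list": 1, "closed": 2}
ASSUMED_DEFAULT = "open"  # assumption: effective value when a keyword is absent

def parse_list_config(text):
    """Return single-line 'keyword = value' settings; skip comments and '<< TAG' bodies."""
    settings, skip_until = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if skip_until is not None:          # inside a multi-line value
            if line == skip_until:
                skip_until = None
            continue
        m = re.match(r"(\w+)\s*(=|<<)\s*(.*)$", line)
        if line.startswith("#") or not m:
            continue
        key, op, value = m.group(1), m.group(2), m.group(3).strip()
        if op == "<<":                      # body runs until a line equal to TAG
            skip_until = value
            continue
        settings[key] = value.lower()
    return settings

def audit(name, text):
    """Return findings for one list; empty when which_access is at least as strict."""
    cfg = parse_list_config(text)
    who = cfg.get("who_access", ASSUMED_DEFAULT)
    which = cfg.get("which_access", ASSUMED_DEFAULT)
    bad = [f"{name}: unrecognised {k} value {v!r}"
           for k, v in (("who_access", who), ("which_access", which)) if v not in RANK]
    if bad:
        return bad
    if RANK[which] < RANK[who]:
        return [f"{name}: which_access={which} is looser than who_access={who}; "
                "'which' can confirm addresses that 'who' withholds"]
    return []

# Constructed sample configs (not taken from any real list).
SAMPLE_LEAKY = """\
# who is locked down, which was left open
who_access   = closed
which_access = open
message_footer << END
who_access = open
END
"""
SAMPLE_OK = "who_access = list\nwhich_access = list\n"

if __name__ == "__main__":
    print("\n".join(audit("boats", SAMPLE_LEAKY) + audit("crew", SAMPLE_OK)))
```
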