Great Circle Associates Majordomo-Workers
(January 1997)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: <list>.config file mod's
From: Dave Wolfe <dwolfe @ risc . sps . mot . com>
Date: Wed, 1 Jan 1997 15:00:41 -0600 (CST)
To: opie @ DigitallySpeaking . com (Paul Opie)
Cc: majordomo-workers @ GreatCircle . COM
In-reply-to: <Pine.LNX.3.91.961231160803.9912C-100000@ds.rnet.com> from "Paul Opie" at Dec 31, 96 04:32:32 pm
Reply-to: Dave Wolfe <david_wolfe @ risc . sps . mot . com>

[ Paul Opie writes: ]
> 
> On Tue, 31 Dec 1996, Dave Wolfe wrote:
> 
> > > > -        'approve_passwd',      '#!"$list.pass"',
> > > > +        'approve_passwd',      '#!"$list.passwd"',
> 
> > You misunderstand what you're patching. 'approve_passwd' *is* the
> > password (for approvals). It has nothing to do with the "$list.passwd"
> > *file* (which is a holdover from early versions of Mj) or the 'passwd'
> > command.
> 
> by changing $list.pass to $list.passwd in config_parse.pl, as above, i
> achieve my goal of changing what the <list>.config file says the password
> file name should be.

You aren't paying attention: approve_passwd IS THE PASSWORD, *NOT* a
file name. See, it even says so:

>         # approve_passwd       [word] (t2.pass) <resend>
>         # Password to be used in the approved header to allow posting to
            ^^^^^^^^
>         # moderated list, or to bypass resend checks.

> what i wanted to do was change what is written in the config file because 
> in it's distributed state, config_parse.pl does not build a new 
> <list>.config file with the proper extention, if one happens to be using 
> the password file. (proper being what the rest of MD is searching for)

The fact that the default approve_passwd happens to end in ".pass" and
that the old password file ended in ".passwd" is pure coincidence.
Changing the approve_passwd default doesn't make resend look for a file
by that name (with one exception--see below).

> [...] it is really confusing to have MD say that there is no password
> file when i can see one in the $home/lists directory.
> 
> i had a test2.config file that said:
> approve_passwd      =   test2.pass
> 
> so i created the test2.pass file. MD mailed me an error message. 
> 
> when i:
> # mv test2.pass test2.passwd
> 
> without changing the test2.config line:
> approve_passwd = test2.pass
> 
> everything works fine

Of course it does, because the password file is named whatever.passwd
regardless of what approve_passwd is set to. They have no relation to
each other. They are totally distinct password mechanisms. Two of the
three passwords available, in fact, the third being the admin_passwd in
the .config file.

Now, having said all that, let me address the exception I alluded to
above. When the approve_passwd string begins with a '/' (which is *not*
the case you're claiming), resend interprets it as an absolute path to a
file which contains the password. Whoever put that hack in resend should
have his knuckles whacked 8 times with a data forms ruler. :-/

Absolute pathnames that are accessible via e-mail should always be
regarded with suspicion, but unless that pathname also describes
the list.passwd file (as /path/to/mj/lists/list.passwd, *not* just
list.passwd), no one ca change the password in that file without access
to the Mj machine. If it *does* describe that file, then the list
approver has the ability to change it via the Mj passwd command and also
has configuration privileges since the .passwd file password enables all
privileges for the list.

-- 
 Dave Wolfe

Indexed By Date Previous: Re: Even more musings
From: Brock Rozen <brozen@webdreams.com>
Next: Is anybody using this (mis)feature?
From: Dave Wolfe <dwolfe@risc.sps.mot.com>
Indexed By Thread Previous: Re: Even more musings
From: Brock Rozen <brozen@webdreams.com>
Next: Is anybody using this (mis)feature?
From: Dave Wolfe <dwolfe@risc.sps.mot.com>

Google
 
Search Internet Search www.greatcircle.com