Great Circle Associates Majordomo-Workers
(January 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: approve_passwd abs. path patch
From: Dave Wolfe <dwolfe @ risc . sps . mot . com>
Date: Wed, 1 Jan 1997 15:29:15 -0600 (CST)
To: cwilson @ slurp . neu . sgi . com (Chan Wilson)
Cc: majordomo-workers @ greatcircle . com (Majordomo developer's mailing list)
Reply-to: Dave Wolfe <david_wolfe @ risc . sps . mot . com> 
This patch removes the misfeature in resend that looks for an absolute
path in the approve_passwd or -a string to use as a file containing the
actual password. Such a pathname is a security risk, can't be managed
remotely, and, if set to the list.passwd file, is a security trap for
the naive.

--- resend.orig	Mon Dec 23 09:04:45 1996
+++ resend	Wed Jan  1 15:18:52 1997
@@ -191,16 +191,6 @@
 &set_abort_addr($sender);
 &set_log($log, $opt_h, "resend", $opt_l);
 
-# if approve_passwd (or -a) starts with a leading /, there is a file 
-# that holds the password.
-#
-if (defined($opt_a)) {
-    if ($opt_a =~ /^\//) {
-	open(PWD, $opt_a) || die("resend: open(PWD, \"$opt_a\"): $!");
-	$opt_a = &chop_nl(<PWD>);
-    }
-}
-
 if (defined($opt_A) && ! defined($opt_a)) {
     die("resend: must also specify '-a passwd' if using '-A' flag");
 }

-- 
 Dave Wolfe
Indexed By Date Previous: Is anybody using this (mis)feature?
From: Dave Wolfe <dwolfe@risc.sps.mot.com>
Next: Re: Is anybody using this (mis)feature?
From: Brent Chapman <Brent@GreatCircle.COM>
Indexed By Thread Previous: Re: Is anybody using this (mis)feature?
From: Brent Chapman <Brent@GreatCircle.COM>
Next: Patch to logsummary.pl
From: tnelson@cherokee.cs.mci.com (Tony Nelson)
Google
 
Search Internet Search www.greatcircle.com