Great Circle Associates Majordomo-Workers
(January 1997)
 


Subject: Patches: security bug with unzub * and master password
From: Oliver Xymoron <oxymoron @ waste . org>
Date: Mon, 20 Jan 1997 00:12:50 -0600 (CST)
To: majordomo-workers @ GreatCircle . COM

Friday, I discovered a slight security hole with MD 1.94.1: the
"unzubscribe *" command returns a message line for every list on the
system whether it is hidden or not. This is probably not the desired
behavior.

Further, "unzubscribe *" can't be used in conjunction with the approve
command because "*" isn't a list. This isn't relevant for most folks,
since they have different passwords for every list so it wouldn't work
anyway. But I wrote a patch a couple weeks ago to add a master password to
MD to allow me to control all my lists with a single password without
creating list.passwd files and symlinks, etc. 

My patch for master password is listed first as I applied the second patch
on top of it. Both these patches are at

http://waste.org/~oxymoron/majordomo

---------------------

This adds a master administrative password for majordomo 1.94.1
To use, add

$master_password = "$homedir/Passwd"

to majordomo.cf and then create $homedir/Passwd containing the master
password. The Passwd file must be owned by the user running majordomo
and have a mode of 600 or 400 (readable only by owner). Then this
password can be used for ALL administrative commands.

You want to apply my unsubscribeall patch on top of this which fixes a 
security problem with "unsubscribe *" and allows 
"approve <masterpw> unsubscribe *" to work.
--- majordomo.pl.old	Sat Jan  4 16:19:50 1997
+++ majordomo.pl	Sun Jan  5 00:38:48 1997
@@ -467,6 +467,27 @@
     # is it a valid list?
     local($clean_list) = &main'valid_list($listdir, $list);
     if ($clean_list ne "") {
+	
+	if(-r $main'master_password)
+	{
+	    local(*PASSWD,$p);
+	    
+	    if(&main'lopen(PASSWD,"",$main'master_password))
+	    {
+		if((((stat(PASSWD))[2])&0466)==0400)
+		{
+		    $p=<PASSWD>;
+		    $p=&main'chop_nl($p);
+		    if($p eq $passwd)
+		    {
+			&main'lclose(PASSWD);
+			return 1;
+		    }         
+		}
+		&main'lclose(PASSWD);
+	    }
+	}
+    
 	# it's a valid list check config passwd first 
         if (defined($main'config_opts{$clean_list,"admin_passwd"}) &&
             $passwd eq $main'config_opts{$clean_list,"admin_passwd"} ) 
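
Review bot: The mode test (((stat(PASSWD))[2])&0466)==0400 never checks who owns the file, although the instructions above say the Passwd file must be owned by the user running majordomo; compare (stat(PASSWD))[4] against $> before trusting the contents. The first line is also compared to $passwd without checking that it is non-empty, so an empty Passwd file should be rejected explicitly. A failed mode check is silent as written; a log line in that branch would tell the administrator why the master password is being ignored.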

-------------------------

This patch fixes a security problem with "unsubscribe *" in MD 1.94.1.
Before, a user who sent in an "unsubscribe *" command would get back a
list of failure notices that amounted to a display of all lists,
whether they were hidden or not. This patch may be problematic by
itself as it was written on top of my master password patch and allows
a Majordomo administrator to use "approve <masterpw> unsubscribe *
<user>" to remove a user from all lists.
--- majordomo.old	Fri Jan 17 09:36:34 1997
+++ majordomo	Sun Jan 19 23:50:17 1997
@@ -294,6 +294,7 @@
 while (<>) {
     $approved = 0;			# all requests start as un-approved
     $confirmed = 0;                     # all requests start as un-confirmed
+    $quietnonmember = 0;                # show non-member on unsubscribe
     while ( /\\\s*$/ ) {		# if the last non-whitespace
 	&chop_nl($_);			 # character is  '\', chop the nl
 	s/\\\s*$/ /;			 # replace \ with space char
@@ -479,12 +480,13 @@
     @lists = readdir(RD_DIR);
     closedir(RD_DIR);
 
+    $quietnonmember=1;
+
     foreach (sort @lists) {
 	$list = $_;
 	$list =~ s,^.*/,,;		# strip off leading path
 	$list =~ /[^-_0-9a-zA-Z]/ && next; # skip non-list files (*.info, etc.)
 
-	print REPLY "Doing 'unsubscribe $list ", join(' ', @parts), "'.\n";
 	unshift(@parts, $list);
 	&do_unsubscribe(@parts);
 	shift(@parts);
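
Review bot: $quietnonmember is set to 1 before the foreach loop and nothing in this hunk clears it afterwards, so the quiet behaviour depends entirely on the reset at the top of the main while loop. Declaring it here as local($quietnonmember) = 1; would scope the flag to the wildcard call and to the do_unsubscribe calls it makes, and would keep it from leaking if this sub is ever called from another path.
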
@@ -500,12 +502,12 @@
     local($list) = shift;
     local($clean_list);
     local(*NEW);
+
     if ($list =~ /^\*$/) {
     	&do_unsubscribe_all(@_);
     	return 0;
     }
 
-
     if ( ((!$list) || ! ($clean_list = &valid_list($listdir, $list)))
 	&& defined($deflist)) {
         unshift(@_,$list) ; 				# Not a list name, put it back.
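
Review bot: The only change around the $list =~ /^\*$/ test is a blank line moved from after the block to before it. Drop this whitespace-only hunk so the security fix stays minimal and easy to audit.
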
@@ -534,10 +536,13 @@
 
 	# Check to see if the subscriber really is subscribed to the list.
 	if (! &is_list_member($subscriber, $listdir, $clean_list)) {
-	    print REPLY <<"EOM";
+	    if(!$quietnonmember)
+	    {
+		print REPLY <<"EOM";
 **** unsubscribe: '$subscriber' is not a member of list '$list'.
 **** contact "$list-approval\@$whereami" if you need help.
 EOM
+            }
 	    return 0;
 	}
 	
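
Review bot: With $quietnonmember set, the not-a-member branch returns 0 without writing anything to REPLY, so an "unsubscribe *" for an address that is on no list may produce no per-list output at all. Have the wildcard caller count successes and print one generic line when there were none, which tells the requester the outcome without naming any list. The added closing brace is also indented with spaces where the surrounding lines use tabs.
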
@@ -615,6 +620,9 @@
 		if (defined $deflist) {
 		  print REPLY "Succeeded (from list $deflist).\n";
 		}
+		elsif($quietnonmember) {
+		  print REPLY "Succeeded (from list $clean_list)\n";
+		}
 		else {
 		  print REPLY "Succeeded.\n";
 		}
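
Review bot: The new message "Succeeded (from list $clean_list)\n" lacks the period that the $deflist variant just above it ends with; make it "Succeeded (from list $clean_list).\n" so replies stay consistent for anyone parsing them. A comment on the elsif should say that $quietnonmember here stands for the wildcard path, since the name describes error suppression rather than success reporting.
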
@@ -652,7 +660,10 @@
     local($sm) = "approve";
     local($list) = shift;
     local($clean_list);
-    if ( ((!$list) || ! ($clean_list = &valid_list($listdir, $list)))
+
+    if ( ((!$list) || 
+	  !(($list eq "*" && $cmd eq "unsubscribe" && ($clean_list=$list)) ||
+	    ($clean_list = &valid_list($listdir, $list))))
 	&& defined($deflist)) {
         unshift(@_,$list) ; 				# Not a list name, put it back.
 	$list=$deflist || &squawk("$sm: which list?");	# set the list to deflist
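
Review bot: In the rewritten condition, ($clean_list=$list) serves as both an assignment and a truth value, and it puts "*" into $clean_list without going through valid_list. Split the wildcard case into its own if ahead of this test and add a comment that "*" is accepted only when $cmd is "unsubscribe", so code further down that treats $clean_list as a validated list name knows it may receive "*".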

--
 "Love the dolphins," she advised him. "Write by W.A.S.T.E.." 

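The file requirement described in the message (owned by the user running majordomo, mode 600 or 400) can be checked before relying on the master password. The script below is an added example, not part of the original post or of Majordomo: it applies the same mask as the patch, (mode & 0466) == 0400, and adds owner and empty-first-line checks. It assumes GNU stat, and check_master_pw_file is a hypothetical helper name.

```sh
#!/bin/sh
# Added example, not from the original patch. Mirrors the patch's mode test
# ((mode & 0466) == 0400) and adds owner and empty-password checks.
# Assumes GNU stat; check_master_pw_file is a hypothetical helper name.

check_master_pw_file() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 1; }
    set -- $(stat -c '%a %u' "$f")
    mode=$1
    owner=$2
    # Same mask as the patch: owner read set, no group/other read or write.
    if [ $(( 0$mode & 0466 )) -ne $(( 0400 )) ]; then
        echo "bad-mode"; return 1
    fi
    # The message requires the file to belong to the user running majordomo.
    if [ "$owner" != "$(id -u)" ]; then
        echo "bad-owner"; return 1
    fi
    # The patch compares the first line to the supplied password,
    # so an empty first line must never be accepted.
    first=
    IFS= read -r first < "$f" || true
    if [ -z "$first" ]; then
        echo "empty-password"; return 1
    fi
    echo "ok"
}

# Constructed sample files showing which modes the mask accepts.
demo() {
    d=$(mktemp -d) || return 1
    for m in 600 400 644 660 700; do
        printf 'constructed-secret\n' > "$d/pw$m"
        chmod "$m" "$d/pw$m"
        printf '%s=%s ' "$m" "$(check_master_pw_file "$d/pw$m")"
    done
    : > "$d/empty"
    chmod 600 "$d/empty"
    printf 'empty=%s\n' "$(check_master_pw_file "$d/empty")"
    rm -rf "$d"
}

demo
```

Mode 700 passes alongside 600 and 400 because the mask ignores owner write and every execute bit.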

