Majordomo-Workers: Re: [Fwd: BoS: Vulnerability in Majordomo]

Majordomo-Workers
(August 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: [Fwd: BoS: Vulnerability in Majordomo]
From:	Dave Wolfe <dwolfe @ risc . sps . mot . com>
Date:	Tue, 26 Aug 1997 12:52:35 -0500 (CDT)
To:	rra @ stanford . edu (Russ Allbery)
Cc:	majordomo-workers @ greatcircle . com
In-reply-to:	<m3d8n03lv7.fsf@windlord.Stanford.EDU> from "Russ Allbery" at Aug 26, 97 10:17:00 am

[ Russ Allbery writes: ]
> 
> Okay.  In that case, I think the most obvious patch to the current
> behavior is:
> 
[deleted]
> 
> This has the advantage of being nigh-minimal impact and should, as far as
> I can tell, resolve the security problem entirely.

But still diddles the return address, possibly invalidating a perfectly
valid address. Be patient. I'm testing a very simple fix that I think
has no impact except to remove the vulnerability.

-- 
 Dave Wolfe

Follow-Ups:

Re: [Fwd: BoS: Vulnerability in Majordomo]
From: Jason L Tibbitts III <tibbs@hpc.uh.edu>

References:

Re: [Fwd: BoS: Vulnerability in Majordomo]
From: Russ Allbery <rra@stanford.edu>

Indexed By Date	Previous:	Re: [Fwd: BoS: Vulnerability in Majordomo] From: Russ Allbery <rra@stanford.edu>
Indexed By Date	Next:	Re: [Fwd: BoS: Vulnerability in Majordomo] From: Dave Wolfe <dwolfe@risc.sps.mot.com>
Indexed By Thread	Previous:	Re: [Fwd: BoS: Vulnerability in Majordomo] From: Russ Allbery <rra@stanford.edu>
Indexed By Thread	Next:	Re: [Fwd: BoS: Vulnerability in Majordomo] From: Jason L Tibbitts III <tibbs@hpc.uh.edu>