Majordomo-Workers: Re: [Fwd: BoS: Vulnerability in Majordomo]

Majordomo-Workers
(August 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: [Fwd: BoS: Vulnerability in Majordomo]
From:	Russ Allbery <rra @ stanford . edu>
Date:	26 Aug 1997 12:30:40 -0700
To:	majordomo-workers @ greatcircle . com
In-reply-to:	Mats Wichmann's message of Tue, 26 Aug 1997 13:08:07 -0600
References:	<3.0.1.32.19970826130807.00826160@laplaza.org>

Mats Wichmann <mats@laplaza.org> writes:
> At 01:35 PM 8/26/97 -0500, Dave Wolfe wrote:

>> The root cause of the problem is that the reply address is used within
>> an eval() in the do_lists() function of majordomo.

> The perl "taint" checks should catch such a usage.  Is it possible to
> run MD in taint-check mode?

The current implementation, no.  I believe that's one of the major things
which will be added in the current in-progress rewrite.

-- 
Russ Allbery (rra@stanford.edu)         <URL:http://www.eyrie.org/~eagle/>

References:

Re: [Fwd: BoS: Vulnerability in Majordomo]
From: Mats Wichmann <mats@laplaza.org>

Indexed By Date	Previous:	Re: [Fwd: BoS: Vulnerability in Majordomo] From: Mats Wichmann <mats@laplaza.org>
Indexed By Date	Next:	Re: [Fwd: BoS: Vulnerability in Majordomo] From: Brian Behlendorf <brian@hyperreal.org>
Indexed By Thread	Previous:	Re: [Fwd: BoS: Vulnerability in Majordomo] From: Mats Wichmann <mats@laplaza.org>
Indexed By Thread	Next:	Re: [Fwd: BoS: Vulnerability in Majordomo] From: Bill Houle <Bill.Houle@SanDiegoCA.NCR.COM>