Great Circle Associates Majordomo-Workers
(August 1997)
 


Subject: Re: [Fwd: BoS: Vulnerability in Majordomo]
From: Dave Barr <barr @ cis . ohio-state . edu>
Date: Tue, 26 Aug 1997 17:54:26 -0400
To: majordomo-workers @ GreatCircle . COM
In-reply-to: Your message of "26 Aug 1997 15:45:47 CDT." <ufag1rwsmf8.fsf@sina.hpc.uh.edu>
References: <Dave Wolfe's message of Tue, 26 Aug 1997 09:52:43 -0500 (CDT)> <199708261452.JAA14616@miaow.risc.sps.mot.com> <3.0.3.32.19970826131612.008b7210@hyperreal.org> <ufag1rwsmf8.fsf@sina.hpc.uh.edu>

In message <ufag1rwsmf8.fsf@sina.hpc.uh.edu>, Jason L Tibbitts III writes:
>+    # Squash some special address characters that, while legal, can be used
>+    # to abuse us.
>+    $reply_addr =~ s![~`/]!!g;
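Review bot: The character class [~`/] in the substitution is a three-character denylist, so every other character that is special to a shell passes through unchanged if $reply_addr is later interpolated into a command string. The substitution also edits the address silently instead of rejecting it, so any later use of $reply_addr works with an address the sender never supplied. Suggest refusing (and logging) an address that contains unwanted characters rather than rewriting it, and handing $reply_addr to any external program as a separate list argument so that this filter is not the only safeguard.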

I don't agree with these sorts of changes.  Fix the code so it
never invokes the shell, and you stop everything at the source.

--Dave
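
What "never invokes the shell" looks like in Perl, as an added example (not code from Majordomo or from this thread): the address is handed to the child as its own argument through list-form open, so no shell ever parses it. The echoing child process, the helper name run_no_shell and the sample addresses are constructed stand-ins.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for the delivery program: a child perl that echoes
# each argument it receives. "--" ends option parsing, so an address that
# begins with "-" is not read as a switch by the child.
my @deliver = ($^X, '-e', 'print "$_\n" for @ARGV', '--');

# Run a command given as a LIST. With more than one element, Perl's
# list-form pipe open execs the program directly; no shell parses the args.
sub run_no_shell {
    my @argv = @_;
    open(my $out, '-|', @argv) or die "cannot start $argv[0]: $!";
    chomp(my @lines = <$out>);
    close($out) or die "$argv[0] exited with status " . ($? >> 8);
    return @lines;
}

# Constructed sample addresses using the characters the quoted patch strips.
my @samples = (
    'list-owner@example.org',
    'odd~name/with`tick@example.org',
    '-leading-dash@example.org',
);

for my $addr (@samples) {
    # The address travels as one argv element and must come back unchanged.
    my ($seen) = run_no_shell(@deliver, $addr);
    printf "%-34s %s\n", $addr,
        (defined $seen && $seen eq $addr) ? 'delivered verbatim' : 'ALTERED';
}
```

The same list form applies to system() and exec(); the single-string forms of those calls are the ones that can hand the command line to a shell.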

