At 08:50 AM 10/16/97 -0500, Dave Wolfe wrote:
>
>[ Mark Rauterkus writes: ]
>> Not sure what [...] David, mean with the following.
>
>I haven't studied the Majorcool source to see what sort of security
>problems it contains (no time for such games, that's the author's job
>:-) ), but from a quick peek at the posted URL, it appears that Mjcool
>side-steps the issue by disallowing all sorts of otherwise valid address
>forms. While that may limit its security exposure, it also limits its
>application and usefulness, and it still doesn't prevent anyone from
>finding out if any specific address is subscribed to a given list.
Older versions of MajorCool used a contrived regexp to validate an
address's syntax. As most will agree, it is difficult to come up with a
regexp that will accurately quantify every idiosyncracy of valid RFC822
syntax. Therefore, more recent versions rely mainly on the valid_addr
function provided by Majordomo. So no, MajorCool does not "disallow all
sorts of valid address forms" (any more so than does Majordomo).
As to the programmatic issue (Mark), (as Dave already explained) an
"interactive" Web utility does not eliminate the potential for hacking,
since one can still create an automated program to feed values over an HTTP
port to the MajorCool program. However, I think Dave's assumption was also
that MajorCool allowed the same wh*ch-style substring matching that
Majordomo does, so even though "wh*ch" is turned off in your Majordomo, one
could still feed "a@" "b@" etc to MajorCool to discover all list members.
But since MajorCool supports exact-match rather than substring matching,
this is incorrect.
It is true that it will not prevent anyone from seeing specific addresses.
However, you would have to iterate over every single alphanumeric string
permutation to be able to identify all subscribers of a list. Assuming that
was a computationally reasonable thing to do in the first place, the same
could be done with mail to Majordomo as well.
--bill
Follow-Ups:
|
|
