Great Circle Associates List-Managers
(February 2003)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Majordomo hole
From: Jeffrey Goldberg <jeffrey @ goldmark . org>
Date: Fri, 7 Feb 2003 12:19:00 -0800 (PST)
To: list-managers <list-managers @ greatcircle . com>
In-reply-to: <3E43E2FF . 1070208 @ louisiana . edu>
References: <3E43E2FF . 1070208 @ louisiana . edu>
Reply-to: Jeffrey Goldberg <jeffrey @ goldmark . org>

On Fri, 7 Feb 2003, Istvan Berkeley wrote:

> Hi there,

> There is a report of a major security hole in most versions of Majordomo
> available at http://www.net-security.org/vuln.php?id=2416 I suggest
> folks get on top of this, otherwise the evil spammers may make our lives
> even more hellish.

I know that this was discussed on the MD list many years ago.  I know that
I modified a local copy of MD to set which access to list and also to
return no more than 5 matches (if I recall correctly) many years ago.

But I agree with the report that it is bad design to have the default so
open.

-j

-- 
Jeffrey Goldberg                            http://www.goldmark.org/jeff/
 Relativism is the triumph of authority over truth, convention over justice
 Hate spam?  Boycott MCI! http://www.goldmark.org/jeff/anti-spam/mci/


References:
Indexed By Date Previous: Re: Majordomo hole
From: Brian Edmonds <brian @ gweep . ca>
Next: Re: Majordomo hole my rear end!
From: Nick Simicich <njs @ scifi . squawk . com>
Indexed By Thread Previous: Re: Majordomo hole
From: Brian Edmonds <brian @ gweep . ca>
Next: Re: Majordomo hole my rear end!
From: Nick Simicich <njs @ scifi . squawk . com>

Google
 
Search Internet Search www.greatcircle.com