Re: Anonymous code name allocated. // penet hack

["Robert A. Hayden" <hayden@vorlon.mankato.msus.edu>]

On Tue, 2 Aug 1994, L. Todd Masco wrote:

> Doug Cutrell writes:
>  > I'd like to understand what Todd's "hack" means... I assume that he's
>  > talking about telnetting to the sendmail port.  But I thought that anyone
>  > could unsubscribe anyone from cypherpunks by simply sending a message with:
>  > 
>  > unsubscribe cypherpunks obnoxious@jerk.com
>  > 
>  > It isn't even necessary to forge the return address, because majordomo
>  > doesn't check.  I just pulled majordomo's help file.  It's appended below.
> 
> In my experience, listservers will clear any commands that don't come from
>  the person affected by passing them on for processing by the list
>  maintainer as a security precaution.  I had assumed majordomo
>  did this, but I'm not certain.

NOTE: all versions of majordomo do not permit this.  I know that for the 
majordomo lists I run, it does do some internal checking to see that the 
address that mailed the unsubscribe command matches the one in the 
subscription roles, and if it doesn't, it forwards that message to the 
majordmo-owner address to be dealt with.

BUT, you can turn off this 'feature' and have majordomo automatically 
recognize and execute all commands pertaining to that list.

____        Robert A. Hayden       <=> hayden@vorlon.mankato.msus.edu
\  /__          -=-=-=-=-          <=>          -=-=-=-=-
 \/  /  Finger for Geek Code Info  <=> I do not necessarily speak for the
   \/   Finger for PGP Public Key  <=> City of Mankato or anyone else, dammit
-=-=-=-=-=-=-=-
(GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$ 
		P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++
		j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++**