[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Anonymous code name allocated. // penet hack
On Tue, 2 Aug 1994, L. Todd Masco wrote:
> Doug Cutrell writes:
> > I'd like to understand what Todd's "hack" means... I assume that he's
> > talking about telnetting to the sendmail port. But I thought that anyone
> > could unsubscribe anyone from cypherpunks by simply sending a message with:
> >
> > unsubscribe cypherpunks [email protected]
> >
> > It isn't even necessary to forge the return address, because majordomo
> > doesn't check. I just pulled majordomo's help file. It's appended below.
>
> In my experience, listservers will clear any commands that don't come from
> the person affected by passing them on for processing by the list
> maintainer as a security precaution. I had assumed majordomo
> did this, but I'm not certain.
NOTE: all versions of majordomo do not permit this. I know that for the
majordomo lists I run, it does do some internal checking to see that the
address that mailed the unsubscribe command matches the one in the
subscription roles, and if it doesn't, it forwards that message to the
majordmo-owner address to be dealt with.
BUT, you can turn off this 'feature' and have majordomo automatically
recognize and execute all commands pertaining to that list.
____ Robert A. Hayden <=> [email protected]
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> I do not necessarily speak for the
\/ Finger for PGP Public Key <=> City of Mankato or anyone else, dammit
-=-=-=-=-=-=-=-
(GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$
P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++
j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++**