Bugtraq mailing list archives
Re: Majordomo and EXPN
From: cmconwa () SANDIA GOV (Christopher M. Conway)
Date: Wed, 22 Oct 1997 10:25:27 -0600
This is actually correctable by putting the arguments for resend into a file... local users could still get at the data (potentially) by grabbing the file if it's not protected, but remote users can't. You still have the problem that someone could conceivably guess the actual alias that you're using-- but that problem exists regardless.

At any rate, you can see what I mean from my system. It's not online right now (periodic connections to the net), but you'll see something like this from an expn:

    expn mylist
    250 <"|/usr/local/mail/majordomo/wrapper resend @mylist.resend"@myhost.com>
    expn mylist-outgoing
    550 mylist-outgoing... User unknown
    expn mylist-code1389110-outgoing
    250 .... the whole list of subscribers ...

(Since my system isn't online right now, I can't verify that this is *exactly* what it looks like, nor the exact syntax for resend, but it's something like that).

mylist.resend actually has the arguments including the actual outgoing alias. So, you'd have to guess that the actual outgoing address has that arbitrary stuff in it (-code1389110-)-- which is exactly how I cobble up those addresses. (not that exactly, of course, but it's similar.)

Now, I've got to fix something in sendmail, however, that puts that address (the actual outgoing alias) in the headers of the messages-- so once someone subscribes, they *could* get access to the whole list.

(Note: these lists are run from my own domain, not sandia.)

--
Christopher M. Conway   U*IX and C Guru   Don't Tread on Me
cmconwa () sandia gov   wombat () prickly-wombat com
We must all hang together, or, most assuredly, we will all hang separately.
I'll be post-feminist in the post-patriarchy.
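
An added example, not part of the original post: a small audit of a sendmail aliases file for the two exposures the message describes (resend arguments visible inline, and an outgoing alias with a guessable name), plus a permission check on the argument file. The alias lines are constructed; the inline `-l ... -outgoing` form and the paths are assumptions modelled on the post's example.

```python
import os
import stat

# Constructed sample aliases file (not from the original post).
SAMPLE_ALIASES = '''\
# arguments inline, outgoing alias has the default name
oldlist: "|/usr/local/mail/majordomo/wrapper resend -l oldlist oldlist-outgoing"
oldlist-outgoing: :include:/usr/local/mail/lists/oldlist
# arguments in a file, outgoing alias carries an arbitrary token
mylist: "|/usr/local/mail/majordomo/wrapper resend @mylist.resend"
mylist-code1389110-outgoing: :include:/usr/local/mail/lists/mylist
'''

def parse_aliases(text):
    """Return {alias: value} for 'name: value' lines, skipping comments."""
    aliases = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith('#'):
            name, _, value = line.partition(':')
            aliases[name.strip()] = value.strip().strip('"')
    return aliases

def audit(text):
    """List (alias, finding) pairs for resend aliases that EXPN would expose."""
    aliases = parse_aliases(text)
    findings = []
    for name, value in aliases.items():
        tokens = value.lstrip('|').split()
        if not value.startswith('|') or 'resend' not in tokens:
            continue
        args = tokens[tokens.index('resend') + 1:]
        # Anything not read from an @file appears verbatim in the EXPN reply.
        if any(not a.startswith('@') for a in args):
            findings.append((name, 'inline-args'))
        # The default <list>-outgoing name can be guessed and expanded directly.
        if name + '-outgoing' in aliases:
            findings.append((name, 'guessable-outgoing'))
    return findings

def args_file_exposed(path):
    """True if the resend argument file is readable by every local user."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

if __name__ == '__main__':
    for alias, finding in audit(SAMPLE_ALIASES):
        print(alias, finding)
```
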