[Mailman-Developers] URGENT!!!! security problems
Gergely Madarasz
gorgo@caesar.elte.hu
Thu, 23 Jul 1998 19:05:38 +0200 (METDST)
Hello!
There are BIG security problems with mailman. For example a list
administrator can subscribe an "email address" like this with mass
subscribe:
`touch /tmp/gotcha`
Then when someone sends mail to the list, the command is executed... this
means any list administrator can get access to user running mailman
on the list server. I could not achieve the same when trying to
subscribe as a normal user, but i cannot say that it is safe. This needs a
very urgent fix.
Greg
Ps. thanks to Endre Hirling <endre@dawn.elte.hu> for pointing this problem
out to me
--
Madarasz Gergely gorgo@caesar.elte.hu gorgo@linux.rulez.org
It's practically impossible to look at a penguin and feel angry.
Egy pingvinre gyakorlatilag lehetetlen haragosan nezni.
HuLUG: http://www.cab.u-szeged.hu/local/linux/