Date: Sat, 13 Jan 2001 12:31:00 +0000 (UTC) From: naddy@mips.inka.de (Christian Weisgerber) To: freebsd-security@freebsd.org Subject: Re: Majordomo lists security Message-ID: <93phq4$1q24$1@kemoauc.mips.inka.de> References: <Pine.BSF.4.21.0101130002390.67378-100000@ren.sasknow.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Ryan Thompson <ryan@sasknow.com> wrote: > Is there a GOOD reason that, by default, /usr/local/majordomo/lists is > world readable? Does not just the "majordom" user/group ever read the > files contained therein? No, sendmail reads the subscriber list. It's just an :include:d alias expansion, after all. > I was notably concerned when I saw the administrative password > for each list stored clear text in a predictable world readable > file/directory. :-) You may get away with o-r on the .config files (aren't they already?), but the subscriber list itself must remain world-readable. -- Christian "naddy" Weisgerber naddy@mips.inka.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?93phq4$1q24$1>