[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] [Cobalt] Security Advisory - Majordomo

Subject: Re: [cobalt-users] [Cobalt] Security Advisory - Majordomo
From: Jeff Bilicki <jeffb@xxxxxxxxxxxxx>
Date: Mon Jan 10 11:50:38 2000

This problems exists in all versions of majordomo, I would suggest
downloading the security patch to /tmp.  
ls -alR /usr/local/majord > /tmp/permissons.old
cd /tmp
mkdir tmp
cd tmp
(pwd /tmp/tmp)
tar xzvf ../RaQ2-Security-2.93.pkg
perl -pi -e 's#/usr/local/majordomo#/usr/local/majord#g' majordomo.patch
/usr/bin/patch -p0 < majordomo.patch
ls -alR /usr/local/majord > /tmp/permissons.new
diff -uNr /tmp/permissons.old /tmp/permissons.new 

Then use chown to restore any permissions that where lost, you can also
cut and paste part of the upgrade_me into a shell script to do the same
thing.  
(change the patch file)
perl -pi -e 's#/usr/local/majordomo#/usr/local/majord#g' majordomo.patch

(run the script)
#!/bin/sh
FILES="archive2.pl bounce-remind config-test digest majordomo
request-answer resend"
RESEND=/usr/local/majord/resend
if [ -e $RESEND ]; then
  FUID=`ls -l $RESEND | awk '{print $3}'`
  FGID=`ls -l $RESEND | awk '{print $4}'`
  /usr/bin/patch -p0 < majordomo.patch >> /var/cobalt/adm.log 2>&1
  pushd /usr/local/majordomo >> /var/cobalt/adm.log 2>&1
  chown $FUID.$FGID $FILES
  popd >> /var/cobalt/adm.log 2>&1
fi

This of course is unsupported, and I have not tested it.  I hope it
points you in the correct direction however.  

Jeff-

Jeff Lasman wrote:
> 
> Jeff,
> 
> This MAY create some problems for me.  I have two incidences of Majordomo
> installed on my RaQ2.  One that came with it; it's at /usr/local/majordomo,
> and one that I installed, at usr/local/majord after customer service told
> me they couldn't support me setting up complex lists using the installed
> Majordomo.
> 
> The package will of course "fix" the preinstalled one.  It won't do a thing
> for the one I installed myself, I'm sure.
> 
> And frankly, I don't use the preinstalled one.
> 
> I didn't see any fixes or mention of problems on the <www.greatcircle.com>
> site.  Nor do I see any issues brought up in the Majordomo mailing list.
> 
> Is this a problem local to your own version of Majordomo?  Or should all
> Majordomo's be changed?
> 
> Thanks for your response.
> 
> Jeff
> 
> At 04:55 PM 1/9/00  Jeff Bilicki wrote:
> >Basically it fixes the way Majordomo opens file handles, instead of
> >using the default perl open command (which can open anything) it uses
> >sysopen.  I have attached a diff of changed files.
> 
> --
> Jeff Lasman, nobaloney.net
> <jblists@xxxxxxxxxxxxx>
> <www.nobaloney.net>, <www.mailtraqna.com>, <www.email-lists.com>
> 
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-users

Follow-Ups:
- Re: [cobalt-users] [Cobalt] Security Advisory - Majordomo
  - From: Jeff Lasman

References:
- Re: [cobalt-users] [Cobalt] Security Advisory - Majordomo
  - From: Jeff Lasman
- Re: [cobalt-users] [Cobalt] Security Advisory - Majordomo
  - From: Jeff Lasman

Prev by Date: Re: [cobalt-users] RaQ3i-POP-before-Relay-1.1.pkg.
Next by Date: Re: [cobalt-users] [Cobalt] Security Advisory - Majordomo
Previous by thread: Re: [cobalt-users] [Cobalt] Security Advisory - Majordomo
Next by thread: Re: [cobalt-users] [Cobalt] Security Advisory - Majordomo

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index