Re: [Mailman-Developers] Yet another weird-a$$ potential attack problem...
On Thu, 04 Apr 2002 11:07:30 -0800 Chuq Von Rospach <chuqui@plaidworks.com> wrote:
Oh, man. This is my week for weird stuff.
Yea and verily.
The question I'm bringing up is, I guess, is this something mailman needs to worry about? Should it require that the returned token come from the address being subscribed? (or does it already? In this case, it came from a generic mailbot address @ that domain. An address which, fwiw, bounces if you mail to it. Grimace.). I realize that the "reply to confirm" is easy for users, but does it leave us open to abuse in other ways? Should we make some change to the process that requires a person to do something?
Mailman is becoming ubiquitous enough that I expect we'd do better to be paranoid in advance than retroactively.
I don't have a good answer for any of this. I'm not even sure we should consider it a problem. But since I've identified it as a possible security flaw, I want to throw it out and let everyone chew on it.
Majordomo attempts to work around this by embedding a confirm token in the body of the message. To confirm the subscription you have to send that line back, unedited, to the list server. Happily, MD is fairly generous about line wrapping, quote prefixes etc.
On the other hand, IS it their fault for building a stupid tool? Or is that no excuse to not protect ourselves from stupidity?
There's no simple blanket answer as regards blame here:
It is their fault for both installing and running a stupid auto-responder. Mailman Death Penalties are too good for them.
It is our fault for writing and advocating a list server that is so trivially abused by stupid systems.
At some point you have to drop back and say enough is enough and give up trying to stop stupid people. I think this business comes before that point however.
--
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw@kanga.nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
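The two checks the thread is weighing, as an added example (not Mailman's or Majordomo's own code): a Majordomo-style token embedded in the message body, still found when the line is quoted with ">" or wrapped, plus the requirement that the reply come from the address being subscribed, so the mailbot case above is rejected. It goes slightly beyond the thread by also ignoring replies carrying the RFC 3834 Auto-Submitted header; the secret, list name, addresses and message texts are constructed.

```python
import hashlib
import hmac
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Optional, Tuple

SECRET = b"constructed-demo-secret"  # assumption: per-installation secret
TOKEN_RE = re.compile(r"confirm([0-9a-f]{32})")

def make_token(list_name: str, address: str) -> str:
    # Bind the token to the list and to the address being subscribed.
    data = f"{list_name}:{address.lower()}".encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()[:32]

def extract_token(body: str) -> Optional[str]:
    # Majordomo-style body search: strip '>' quote prefixes and all whitespace
    # so a quoted or line-wrapped 'confirm <token>' line is still found.
    unquoted = [re.sub(r"^[>\s]+", "", ln) for ln in body.splitlines()]
    flat = re.sub(r"\s+", "", "".join(unquoted)).lower()
    m = TOKEN_RE.search(flat)
    return m.group(1) if m else None

def check_confirmation(raw: str, list_name: str, pending: dict) -> Tuple[bool, str]:
    # pending maps token -> address awaiting confirmation (constructed store).
    msg = message_from_string(raw)
    if msg.get("Auto-Submitted", "no").lower() != "no":
        return False, "automated reply (Auto-Submitted), not a confirmation"
    token = extract_token(msg.get_payload())
    if token is None or token not in pending:
        return False, "no valid confirmation token in body"
    expected = pending[token]
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender != expected.lower():
        # The thread's case: right token, but returned by a generic mailbot.
        return False, f"token returned by {sender}, not by {expected}"
    return True, f"{expected} confirmed"

# Constructed sample data: one pending subscription and two replies.
LIST, ADDR = "demo-list", "alice@example.org"
TOKEN = make_token(LIST, ADDR)
PENDING = {TOKEN: ADDR}
HUMAN_REPLY = (f"From: Alice <Alice@Example.org>\nSubject: Re: confirm\n\n"
               f"> confirm {TOKEN[:20]}\n> {TOKEN[20:]}\n")  # quoted and wrapped
MAILBOT_REPLY = (f"From: mailbot@example.org\nSubject: Re: confirm\n\n"
                 f"Your message was received:\n> confirm {TOKEN}\n")

if __name__ == "__main__":
    for reply in (HUMAN_REPLY, MAILBOT_REPLY):
        print(check_confirmation(reply, LIST, PENDING))
```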