[Mailman-Users] Unsubscription Script, Try #3

Christopher P. Lindsey lindsey at mallorn.com
Tue Jan 16 05:31:40 CET 2001


> We are using your script on our live lists with great success.
> I'm sure many lists will find this useful and I'm hoping to see it
> in one of the future Mailman releases as a built-in feature. A
> 'confirmed unsubscription' similar to this but with a 'pending
> unsubscriptions' db and random numbers would be the final
> step, but we're more than satisfied now.

I just looked at the script for the first time, and it looks pretty good.
Kudos, Bob!

I did have one comment about the use of /tmp for the temporary file...
Since /tmp isn't a secured directory, it's possible for someone to
exploit the known filename...  For example, if I create a symlink from
/tmp/bobo at example.com to a file owned by the user that sendmail runs
as, then send mail to your script with a From address of bobo at example.com,
it'll overwrite the original file.

You're probably better off creating a directory like ~mailman/tmp,
giving your script permissions to use it, then using that...

Of course, this only applies if people have access to your systems,
but it's still good practice (heck, you could exploit it via a .procmailrc
or a .forward, too).

I don't know if anyone mentioned this or not, but the script should probably
only be readable by the user that can execute it, otherwise your mmsitepass
password could be readable by others too (again, via .procmailrc, .forward,
etc)...

Chris
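Added example (not Bob's script and not Mailman code) of the fix Chris proposes: the per-sender file goes under a private directory standing in for ~mailman/tmp, and it is opened so that a file or symlink already sitting at the predictable name is refused instead of followed. The spool path, sender addresses and target file below are constructed for the demonstration.

```python
import os
import re
import stat
import tempfile

def safe_name(address):
    """Reduce a From address to a single filename-safe token (no '/', no leading dots)."""
    token = re.sub(r"[^A-Za-z0-9@._-]", "_", address)
    return token.strip(".") or "unknown"

def ensure_private_dir(path):
    """Create the spool dir 0700 if missing; refuse a symlink, another owner, or lax permissions."""
    os.makedirs(path, mode=0o700, exist_ok=True)
    st = os.lstat(path)  # lstat: a symlink planted at this path must not be followed
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError("%s is not a directory" % path)
    if st.st_uid != os.getuid():
        raise RuntimeError("%s is owned by uid %d, not by us" % (path, st.st_uid))
    if st.st_mode & 0o077:
        raise RuntimeError("%s is group/world accessible" % path)

def open_unsub_file(spool_dir, from_address):
    """Open spool_dir/<sender> for writing without ever clobbering or following an existing path."""
    ensure_private_dir(spool_dir)
    path = os.path.join(spool_dir, safe_name(from_address))
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)  # O_EXCL: EEXIST if any file or symlink is already there
    return os.fdopen(fd, "w")

def demo():
    """Constructed scenario: one honest sender, then a symlink pre-planted at a predictable name."""
    spool = tempfile.mkdtemp(prefix="mailman-tmp-")  # constructed stand-in for ~mailman/tmp
    with open_unsub_file(spool, "alice@example.com") as f:  # the normal case still works
        f.write("unsubscribe alice\n")
    victim = os.path.join(spool, "victim-file")  # constructed stand-in for the attacked target
    with open(victim, "w") as f:
        f.write("original contents\n")
    os.symlink(victim, os.path.join(spool, safe_name("bobo@example.com")))
    try:
        open_unsub_file(spool, "bobo@example.com")
        refused = False
    except FileExistsError:  # O_EXCL refuses the planted symlink instead of writing through it
        refused = True
    with open(victim) as f:
        intact = f.read() == "original contents\n"
    return refused, intact  # returns (True, True)
```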
