Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Qmail>
  3. users
qlist and secure lists
nelson at crynwr
Feb 21, 1997, 6:47 PM
Post #1 of 2 (527 views)
Permalink
Vince Vielhaber writes:
> I was just going over Russ' script for securing a mailing list:
>
> |grep "^[#&]$SENDER$" ".qmail-$EXT" || (echo "You are not authorized to
> send mail to this list."; exit 1)
> &address
> &address
> ...
>
> Then I wanted to use qmail to handle subscriptions, BUT qmail seems
> to dislike this arrangement because qlist sets the x bit and qmail
> rejects the pipe *because* the x bit is set. Fun, huh?
>
> Here's the question. Is it acceptable to chmod u-x the file in the
> .qmail-listname-request file? Would this work? Can anyone think of
> any drawbacks?

Sure. You're destroying the security increase caused by disallowing
commands in the .qmail-listname file. What you should do is either
use my qlist patch (on http://www.qmail.org), or else accomplish the
same thing by inserting a +list command, like this:

|grep "^[#&]$SENDER$" ".qmail-$EXT" || (echo "You are not authorized to send mail to this list."; exit 1)
+list
&address
&address

--
-russ <nelson@crynwr.com> http://www.crynwr.com/~nelson
Crynwr Software sells network driver support | PGP ok
521 Pleasant Valley Rd. | +1 315 268 1925 voice | Peace, Justice, Freedom:
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | pick two (only mostly true)
Re: qlist and secure lists [ In reply to ]
jeff at apex
Mar 3, 1997, 11:20 AM
Post #2 of 2 (511 views)
Permalink
On 22 Feb 1997, Russell Nelson wrote:

> > Here's the question. Is it acceptable to chmod u-x the file in the
> > .qmail-listname-request file? Would this work? Can anyone think of
> > any drawbacks?

I ran into this same problem today...

> Sure. You're destroying the security increase caused by disallowing
> commands in the .qmail-listname file. What you should do is either

I'm curious as to how it destroys the security. I'm not questiong you (as
I'm pretty new to qmail), but I'm curious and would appreciate an
explanation.

> use my qlist patch (on http://www.qmail.org), or else accomplish the
> same thing by inserting a +list command, like this:
>
> |grep "^[#&]$SENDER$" ".qmail-$EXT" || (echo "You are not authorized to send mail to this list."; exit 1)
> +list
> &address
> &address

What does +list do exactly? The only reference I could find do it was in
the CHANGES file...

'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'
`' Jeff Carneal / Sys Admin \ Apex Internet `'
`' jeff@apex.net http://www.apex.net `'
`' The opinions expressed above aren't really mine. They belong to `'
`' someone else who also refuses to take responsibility for them. `'
'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal