CERN Eric Thomas <ERIC@CEARN>
Fri, 25 Mar 88 23:23:00 GVA
|
Sorry for the cross posting.
I had decided that I was fed up with getting rejection mail because of folded
quoted lines, and decided to develop a fix for that. While doing so, I
discovered a very important security exposure in the code. I won't give any
detail for obvious reasons, but it's the same bug as the legendary J23019DT
for RSCS.
All Crosswell mailer sites are urged to install the ERIC02 fix available from
LISTSERV@CEARN (see below), ESPECIALLY IF THEY HAVE GRANTED PRIVILEGE CLASS B
TO THE MAILER.
I have created an XWELLFIX PACKAGE on LISTSERV@CEARN into which I will stuff
all the fixes I develop for the Crosswell mailer (that's something I won't be
doing unless I have a really good reason to, such as getting 100 pieces of
rejected mail in my reader because of a folded 'From:', or a major security
hole). I AM NOT GOING TO TAKE UP THE MAINTENANCE OF THE CROSSWELL MAILER. I
DON'T NEED YOUR TELLING ME IT'S A PITY EITHER, ESPECIALLY WHEN 'YOU' IS GOING
TO MEAN 200 PERSONS. Thanks.
So, you can obtain the fixes from LISTSERV@CEARN by issuing either:
1. A 'GET XWELLFIX PACKAGE', which will send you all the fixes. You should
consider AFDing to it in case I add new fixes to the package. At present
there are 3 PTFs totalling some 30 lines.
2. An 'INDEX' command, followed by a GET for each of the PTFs you are
interested in.
3. A 'GET MAILER MODULE' for a complete replacement of the object module, if
you are an OCO shop. That's an 1.25 version, with just the XWELLFIX mods.
Do NOT ask me for a copy of the files. Any request sent to my reader will be
discarded. The files are GET=ALL.
Disclaimer: I have tested the fixes only on a test mailer account. If it
breaks, don't shout at me :-)
Eric
|
|
|