LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Resending mail from Jose Maria Blasco

Eric Thomas <ERIC@FRECP11>

Wed, 10 Sep 1986 17:30 SET

text/plain (57 lines)

  Because of problems at both FRMOP11 (RSCS  V2 swallowing a few NJI codes from
the file)  and FRORS31  (being a  JES3 node), Spain  cannot reach  FRECP11 (and
probably  a few  other nodes).  We  had to  transfer this  file via  MSGXFER...

*-----------------------------------------------------------------------------*
Date:         Wed, 10 Sep 1986 15:55:44 ABC
From:         Jose Maria Blasco Comellas <ZCCBJBC@EB0UB011>
Subject:      Open subscription and private rev
To:           Distribution list <LSTSRV-L@FRECP11>

If  a list  is defined  as Subscription=  Open, setting  it to  Review= Private
(or Stats= xxx,Private) should have no effect. Consider the following
dialog:

  tell listserv at uiucvmd stats REXX-L
  R;
  FROM UIUCVMD(LISTSERV):  * You  are not authorized  to review  statistics for
  list REXX-L
  tell listserv at uiucvmd subscribe REXX-L anyname
  R;
  FROM UIUCVMD(LISTSERV): * You have been added to list REXX-L
  tell listserv at uiucvmd stats REXX-L
  R;
  FROM UIUCVMD(LISTSERV): File "REXX-L STATREPT" has been sent to you
  tell listserv at uiucvmd signoff REXX-L
  R;
  FROM UIUCVMD(LISTSERV): * You have been removed from list REXX-L

(The same stands for the REView command)

If  the list  has  been defined  as  Notify= No  (which is  the  case for  list
REXX-L at UIUCVMD) the only means of detecting such an
unauthorized (?) access is inspecting the LISTSERV's console log.

What to do? -- either define the list as validate= All Commands or
set it to Notify= Yes, so that this kind of access to the list can
be discouraged or at least detected. In any case, I think that
Subscription= Open, Validate= Store Only, Notify= No should
have priority over Review= Private and force it to Review= Public.

Any ideas?

J. M. Blasco
*-----------------------------------------------------------------------------*
My reply: DIRMAINT checks the operand of a CMS command to make sure that it can
not cause any  VM READ state. "If  command = 'SORT' or command  = 'FORMAT' then
reject". Now if I  do a EXEC ZAZA with ZAZA EXEC containing  a &READ VARS, here
I go. My  opinion on all that kind  of problems is that if the  person who sent
the command/installed the server/configured  the list specified stupid options,
then the result will be stupid. You  can configure a list with review= postmas-
ter,  send= public,  subscription= open,  files= no  while formcheck=  yes, and
even a notebook  on the D-disk (t-disk), confidential= yes  but validate= store
only and  pw='', etc. However,  I might indicate in  LISTKEYW MEMO the  sets of
options that are "stupid", if that may help. Any comment?

  Eric

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM