LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Automatic Signoff

David Sitman <[log in to unmask]>

Mon, 27 Aug 90 12:47:19 IST

text/plain (74 lines)

On Sun, 26 Aug 90 18:02:22 O Eric Thomas said:
>>Once  again,  it's  time  for  me  to  complain  about  this  ridiculous
>>"Validate= All commands" behavior.
>
>David,  this is  not the  default setting.  If you  don't like  it, don't
 
I never use this option at my site, but many lists to which I belong do.
And a few times I have waited weeks and sent repeated requests before
being removed from a list.
 
>specify it  explicitly. "Validate= All"  means you  want your list  to be
>safe, which  in turn means  that a  hacker should not  be able to  add or
>delete people, period. What do you  do if, tomorrow morning, you find out
 
But a hacker CAN add whomever he wishes as things now stand.
 
>that the 5  most important local lists  you had (you know,  the ones with
>important people at  your site, people at the level  of your boss's boss)
>no longer have  50 subscribers but instead point  to LINKFAIL@BITNIC, and
>the relatively  confidential note your  boss's boss  posted to it  in the
>morning was distributed  to the world? You wouldn't like  that to happen,
>would you?  Well that's what  "Validate= All" and  "Subscription= Closed"
>are for. It  doesn't make sense for  all lists, but for some  lists it is
>desirable.
 
I love the "Subscription= Closed" parameter. It will prevent the above
situation. "Validate= All" won't help here at all.
 
>>I could easily  send mail that looks like it  comes from ERIC@SEARN, and
>>it would be automatically be distributed to all list members.
>
>That's if the list is "Send= Public", which doesn't match the "profile" I
>have described above.
 
But Mignon's list (and many others with "Validate= All") DO have it.
 
>>I could subscribe to the list (and 100 other lists as well) as "Stubborn
>>Mule" <ERIC@SEARN> so that Eric would be flooded with mail.
>
>That's again if the list is "Subscription= Open", which doesn't make much
>sense for "Validate= All".
 
But that's what many lists have. I would guess that most people who receive
ownership of a list don't understand the impact of many of the list header
keywords. This is probably true of many Listserv postmasters as well. And
so, list headers are probably copied from one list to another at a site
without much attention to the less noticeable parameters such as "Validate".
 
The "Validate= All" as it now works doesn't do much to stop a nefarious
hacker. Moreover, it creates a situation in which a user may be powerless to
get off a list or stop receiving mail from a list. There must be a better way.
Eric doesn't seem receptive to the idea of adding the personal password as
another legitimate password for making changes in a "Validate= All" list,
so I'll try another idea: in this type of situation, Listserv sends a
request for confirmation:
 
   From:  Listserv@XYZ
   To:    listmember@node
 
   A request to SIGNOFF list ABC-L has been received from your userid.
   List ABC-L requires command confirmation. To confirm this SIGNOFF,
   send the following to LISTSERV@XYZ:
        CONFIRM SIGNOFF ABC-L a86d765
 
where "a86d765" is some unique string that Listserv has generated and stored
along with the pending command. The only way the hacker could fake this is
by intercepting the person's incoming mail as well. After all, in the present
situation, how does the list owner know if a SIGNOFF request is genuine or
not? If the owner automatically executes all commands, the "Validate= All"
is not needed, otherwise the owner must confirm with the requestor. With my
new suggestion, confirmation is automated.
 
David

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM