Bug#4752: majordomo quoting problem in advertisement decision
Package: majordomo
Version: 1.93-3
In order to get the advertise/noadvertise config settings to work it
is necessary to apply the patch below. It would be better if
majordomo checked $@ to see why the eval failed if it had.
It seems likely that majordomo without the patch below is a serious
security problem, since $reply_addr might have ` or " in it or
something.
Ian.
--- /usr/lib/majordomo/majordomo~ Wed Jan 17 00:36:02 1996
+++ /usr/lib/majordomo/majordomo Fri Oct 11 16:01:13 1996
@@ -881,7 +881,7 @@
if ($'config_opts{$list, 'advertise'} ne '') {
@array = split(/\001/,$'config_opts{$list, 'advertise'});
foreach $i (@array) {
- $command = "(qq~$reply_addr~ =~ $i)";
+ $command = "(\$reply_addr =~ $i)";
$result = 1, last if (eval $command);
}
} else { $result = 1; }
@@ -891,7 +891,7 @@
@array = split(/\001/,$'config_opts{$list, 'noadvertise'});
foreach $i (@array) {
- $command = "(qq~$reply_addr~ =~ $i)";
+ $command = "(\$reply_addr =~ $i)";
$result = 0, last if (eval $command);
}
}
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: