From owner-freebsd-security Fri Feb 9 11:13:57 2001
Delivered-To: freebsd-security@freebsd.org
Received: from smtpout.kingston-internet.net (smtpout.kingston-internet.co.uk [212.50.161.69])
    by hub.freebsd.org (Postfix) with ESMTP id 6E98737B69C
    for ; Fri, 9 Feb 2001 11:13:36 -0800 (PST)
Received: from dialup28.manuel.kingston-internet.net ([212.50.176.28] helo=pmason.karoo.co.uk)
    by smtpout.kingston-internet.net with smtp (Exim 2.12 #8) id 14RIz8-00061F-00
    for security@FreeBSD.ORG; Fri, 9 Feb 2001 19:13:34 +0000
Date: Fri, 9 Feb 2001 19:14:11 -0000
From: 1st Vamp
Reply-To: 1st Vamp
To: security@FreeBSD.ORG
Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE
X-Mailer: AK-Mail 3.1 publicbeta2a [eng] (unregistered)
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Seems like the announce lists use majordomo to just check the From:
header line, my best suggestion would be that the admins of the lists
use a server (closed) posting solution, ergo you have to log in in
order to post an announcement.

- Vamp

: On Fri, Feb 09, 2001 at 05:44:45PM +0100, Eric Cholet wrote:
:> I received the following, what worries me is that the PGP signature
:> verified, and it's not April 1st. WTF ??
: AFAIK it was not at all signed... unlike previous attempts by the same
: "funny" person. But what got me worried (and what nobody apparently
: understood from my post from yesterday) that this time the prankster
: managed to post on both freebsd-announce and freebsd-security-announce,
: which are supposed to be closed and moderated lists.
: So does this effectively mean, that just by forging a From: header, I can
: already post whatever I want on -announce? (An allegedly trusted resource)
: If so, we (freebsd.org) have a security problem. (Hence the post on
: -security, since we do not have any *public* mailing list for discussing
: security matters wrt freebsd.org itself, before anyone asks again.)
: If my allegation is not true, then what happened?
: --
: Regards:
: Szilveszter ADAM
: Szeged University
: Szeged Hungary
: To Unsubscribe: send mail to majordomo@FreeBSD.org
: with "unsubscribe freebsd-security" in the body of the message