Date:      Fri, 9 Feb 2001 14:35:59 -0500 (EST)
From:      Matt Piechota <piechota@argolis.org>
To:        Szilveszter Adam <sziszi@petra.hos.u-szeged.hu>
Cc:        <security@FreeBSD.ORG>
Subject:   Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE
Message-ID:  <Pine.BSF.4.31.0102091430170.56649-100000@cithaeron.argolis.org>
In-Reply-To: <20010209195847.F27987@petra.hos.u-szeged.hu>

On Fri, 9 Feb 2001, Szilveszter Adam wrote:

> AFAIK it was not at all signed... unlike previous attempts by the same
> "funny" person. But what got me worried (and what nobody apparently
> understood from my post from yesterday) is that this time the prankster
> managed to post on both freebsd-announce and
> freebsd-security-announce, which are supposed to be closed and
> moderated lists.
>
> So does this effectively mean that just by forging a From: header, I can
> already post whatever I want on -announce? (An allegedly trusted resource)
> If so, we (freebsd.org) have a security problem. (Hence the post on
> -security, since we do not have any *public* mailing list for discussing
> security matters wrt freebsd.org itself, before anyone asks again.)
>
> If my allegation is not true, then what happened?

I believe you just have to forge the "Moderated By:" header or something
similar.  I know some newsgroups (alt.2600.moderated, I believe) are
moderated, but have no person with moderator power.  You have to be l33t
enough to forge the news item to post.  I would assume mailing lists have
a similar hole.

You can't just forge the From: header, since I would assume the mail
server won't accept mail From: someone@freebsd.org from a non-freebsd.org
machine, but I could be wrong.

-- 
Matt Piechota
Finger piechota@emailempire.com for PGP key
AOL IM: cithaeron




