From owner-freebsd-security  Fri Jan 12 22: 5:37 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131])
	by hub.freebsd.org (Postfix) with ESMTP id 3BC5137B401
	for <freebsd-security@freebsd.org>; Fri, 12 Jan 2001 22:05:20 -0800 (PST)
Received: from localhost (ryan@localhost)
	by ren.sasknow.com (8.9.3/8.9.3) with ESMTP id AAA68358
	for <freebsd-security@freebsd.org>; Sat, 13 Jan 2001 00:05:10 -0600 (CST)
	(envelope-from ryan@sasknow.com)
Date: Sat, 13 Jan 2001 00:05:10 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
To: freebsd-security@freebsd.org
Subject: Majordomo lists security
Message-ID: <Pine.BSF.4.21.0101130002390.67378-100000@ren.sasknow.com>
Organization: SaskNow Technologies [www.sasknow.com]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Hmm...  Maybe this has been answered before.

Is there a GOOD reason that, by default, /usr/local/majordomo/lists is
world readable?  Does not just the "majordom" user/group ever read the
files contained therein?  Until now, I've never really had cause to play
with majordomo, but I was notably concerned when I saw the administrative
password for each list stored clear text in a predictable world readable
file/directory.  :-)

- Ryan

-- 
  Ryan Thompson <ryan@sasknow.com>
  Network Administrator, Accounts

  SaskNow Technologies - http://www.sasknow.com
  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

        Tel: 306-664-3600   Fax: 306-664-1161   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message