[suse-security] [Fwd: [suse-security] majordomo vulnerability]
On Sun, 02 Jan 2000, you wrote:
> Hi Torsten,
> can you say (or point to a URL), what these vulnerabilities are? Getting root-rights as a normal user? Or just abusing majordomo, getting around moderation etc.?

Bugs in resend aside, this appears to be an incorrect configuration of wrapper. majordomo should have its own group as well as user, and it should change to that group, not daemon. This is according to Doc/FAQ in the Majordomo 1.94.4 distribution.

It would be important to note that on POSIX systems, the wrapper is compiled to setuid() to the majordomo user, so this won't give a root shell...

    #ifdef POSIX_UID
        setuid(POSIX_UID);
    #else
        setuid(geteuid());
    #endif

--
Mark Ruth
Unix Systems Administrator
New York, NY, USA
Mark.Ruth@gmx.net
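
The message's point about a wrapper running under a dedicated user and group, shown as an added example (not part of the original message and not Majordomo's wrapper code): a privilege switch that changes group before user, checks every call, and confirms the change cannot be undone. The function name `become_service_account` and the ids passed to it are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: switch the process to a dedicated service account.
 * Returns 0 on success, -1 if any step fails or the switch did not stick. */
int become_service_account(uid_t uid, gid_t gid)
{
    /* Resetting supplementary groups needs privilege, so only attempt it
     * when running as root; otherwise groups such as daemon stay attached. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;

    /* Group before user: once the uid is no longer root, setgid() to an
     * arbitrary group would be refused. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Confirm that real and effective ids all match the target account. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;

    /* A non-root account must not be able to get uid 0 back. */
    if (uid != 0 && setuid(0) == 0)
        return -1;

    return 0;
}

int main(void)
{
    /* Constructed demo: "switch" to the ids the process already has, which
     * exercises every check without needing a real majordomo account. */
    int rc = become_service_account(getuid(), getgid());
    printf("switch to uid=%ld gid=%ld: %s\n",
           (long)getuid(), (long)getgid(), rc == 0 ? "ok" : "failed");
    return rc == 0 ? 0 : 1;
}
```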