[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev internal links
From: |
pg |
Subject: |
Re: lynx-dev internal links |
Date: |
Sat, 5 Sep 1998 09:58:57 -0600 (MDT) |
In a recent note, Doug Kaufman said:
> Date: Fri, 4 Sep 1998 18:14:10 -0700 (PDT)
>
> On the other hand, unless sendmail is configured to verify validity of
> headers, anyone with a shell account can send mail with misleading
> headers (just look at the volume of spam with inaccurate headers). One
Well said. Lynx should protect the administrator's interests for
captive accounts; for shell accounts, either the necessary protection
is configured in sendmail or Lynx can do nothing -- I can send
anything I want simply by piping into sendmail. Fix the
weaknesses for captive use; ignore them for shell.
BTW, is Henry willing at least to disclose whether the weakness
found exists for captive accounts? I couldn't discover it by
casual experimentation, nor by a quick reading of LYMail.c
-- gil
- Re: lynx-dev internal links, (continued)
- Re: lynx-dev internal links, nelsonhe, 1998/09/03
- Re: lynx-dev internal links, dickey, 1998/09/04
- Re: lynx-dev internal links, dickey, 1998/09/04
- lynx-dev Internal Links, David Henderson, 1998/09/04
- Re: lynx-dev internal links, Nelson Henry Eric, 1998/09/04
Re: lynx-dev internal links, Nelson Henry Eric, 1998/09/07