At 11:49 PM 2003-08-10 -0400, J C Lawrence wrote:
On Sunday, August 10, 2003, at 10:14 AM, Jeff Wasilko wrote:
> If you're using demime to front-end majordomo, you should patch it to
> deal with a problem that was recently discovered.
This problem is not unique to majordomo hosted lists.
Yep. There is now a release of demime that incorporates the patch - the
download site is here:
If you are not running 1.1d, you are vulnerable to this. I found it the
same way that I suspect everyone else did, and immediately realized, to my
shame, that it was going to be a widespread problem, so I stayed up until I
developed a patch and published it on the demime-l list. (I had to
sync/reboot my system with sysrq - I could not get in with ctrl-alt-del -
it announced that it would start shutting down things, and I waited, but a
half hour later it had not yet killed any of the processes that were
hanging things up, so I synched and remounted read only, then booted.) I
realize that I should have published it here as well, the only reason I did
not was because I was too tired to think by the time I finished figuring
out the problem myself.
If you are running an older version, or have a locally patched version you
want to fix, the patch that was previously posted is good.
He said: "There are people from Baath here reporting everything that
goes on. There are cameras here recording our faces. If the Americans
were to withdraw and everything were to return to the way it was before,
we want to make sure that we survive the massacre that would follow
as Baath go house to house killing anyone who voiced opposition to
Saddam. In public, we always pledge our allegiance to Saddam, but in
our hearts we feel something else."
Nick Simicich - njs @