On Thu, Apr 25, 2013 at 8:07 PM, Erik Huelsmann ehuels@gmail.com wrote:
From what I understand now there is no password associated
with a subscription to a list, nor is there any password associated with the owner/admin role of a list.
Can you tell me what you have read that makes it seem like very very insecure? Also, what are you talking about "password associated with ..."?
Am I wrong
in believing that now someone simply has to send emails with a forged From: field to hijack control of the list/subscription?
Well, what made you believe that? Is there a simple way that folks can easily hijack a list over email?
As far as I know, it was audited by a company that worries about such things, http://mlmmj.org/docs/readme-security/ , and does not have a problem... can you please show me how/where/when you are able to hijack a list? mlmmj-test@common-lisp.net is a great place to start, and please feel free to hijack it.
Let me know if I have answered all the questions, and let me know the security holes you have discovered.
-- drewc
Indeed you have answered all the questions I asked and this does clarify the current situation.
You did write comments on each of his questions, but could you explain how you think mlmmj addresses the security risks put forward regarding establishing sender identity related to e-mail? I'm not finding an answer to that in your comments. (The fact that the software doesn't contain any security glitches doesn't mean its authentication model is flawless, so the pointer to the security readme isn't the answer I'm looking for.)
Drew responded to me off-list over IM yesterday. The summary of the reaction is: every moderation request uses a unique and randomly generated reply-to address, making it hard(er) to just spoof admin mails.
Bye,
Erik.