[462] in linux-security and linux-alert archive
Re: double security digest vol 01 number 043
daemon@ATHENA.MIT.EDU (Jeff Uphoff)
Tue Nov 7 12:05:16 1995
Date: Tue, 7 Nov 1995 10:58:04 -0500
From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
To: Marc.VAN.DIEST@is.belgacom.be
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: Your message of Tue, November 7, 1995 12:46:54 CET
-----BEGIN PGP SIGNED MESSAGE-----
"MVD" == Marc VAN DIEST <Marc.VAN.DIEST@is.belgacom.be> writes:
MVD> I received this week two linux security digest with the same number, both
MVD> dated sun 05-11-1995.
I also noticed that this had happened. I appears to be due to a bug in
Majordomo.
MVD> The contents are, according to a diff, certainly not the same.
There were indeed two #43 digests, with completely different contents.
Unfortunately, since the digests' archive filenames are based on their
number, only the second #43 now resides in the FTP archive (having
overwritten the first).
MVD> Is there something wrong in the numbering, or is one of them a fake?
The problem is that I approved, en masse, a large number of posts to
linux-security, one of which was, single-handedly, over the
digest-generation threshold (500 lines). Majordomo was not finished
processing the first digest when it found that it had to generate a
second, and it does not appear to do any locking on the file that
contains the sequence numbers (the digest list's master configuration
file).
I don't really plan on trying to track and correct this bug (it could
turn out to be a bit of a time sink)--I'll just be more careful about
approving large numbers of posts in the future.
MVD> For security issues such strange things ring bells.
I agree.
- --Up.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMJ+CArxzFUpUTHgFAQG/wwQAjPtRcRMjfpBslCTEtuK4+q9y9TEJamqI
O6lnwy9+cIHMCpPG39pmbuVlaziw8DerZryuaP4YWV8Bo2+tAWCUcLjehdSZooFk
deASYseIL4J8B52+XGC1H0q34deMGyfI9fsCMALisA92vw+5Se3S1Zr69y3w6Fu7
vyLnixI9k0M=
=axb1
-----END PGP SIGNATURE-----
