Next: Digest generation and archive retrieval, Previous: Remote administration setting, Up: Ezmlm-idx security
ezmlm-manage(1) can allow remote administrators to edit files in DIR/text. First, this option is disabled by default. Second, the ‘-edit’ command is accepted only when the target (the recipient) is a remote administrator. Third, only existing files within DIR/text are editable. It is not possible to create files.
ezmlm replies to a valid request with an informative message and the contents of the file. In addition, the ‘Reply-To:’ address contains a cookie based on the file name and contents, as well as the current time. Anyone possessing this cookie can save a new version of the text file. As with other ezmlm security, the security of this process depends on only the remote administrator receiving remote administrator mail. If this is not sufficiently secure for you, do not enable this option. As always, an increase in accessibility results results in a decrease in security.
Cookies for editing expire in approximately 27 hours. Also, as soon as a file is changed, the cookie is invalidated since the file contents change. This also means that an outstanding edit request cannot be completed if the files has been updated in the interim.
A potential attacker obtaining a valid cookie has a window of opportunity while you edit the file, or for at most 27 hours. S/he can overwrite and existing text file with potentially offensive material. Usually, this can be achieved more easily by posting to the list. S/he can also potentially fill your disk with a large amount of data (up to two times 10240 bytes (limited by MAXEDIT in idx.h)) and could put part of this data onto messages leaving the list. Again, this is much more easily achieved by e.g. sending the equivalently sized message to your list.