[ mailman-Patches-1184595 ] setregid() to prevent group mismatch
error with any MTA
SourceForge.net
noreply at sourceforge.net
Sun Apr 17 14:28:58 CEST 2005
Patches item #1184595, was opened at 2005-04-17 10:43
Message generated for change (Comment added) made by tkikuchi
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=1184595&group_id=103
Category: None
Group: None
>Status: Closed
>Resolution: Invalid
Priority: 5
Submitted By: SvR Marty (svrmarty)
>Assigned to: Tokio Kikuchi (tkikuchi)
Summary: setregid() to prevent group mismatch error with any MTA
Initial Comment:
mailman should run with its own gid apart from the
MTA. The mail wrapper is setgid to mailmain to allow
this:
rwxr-sr-x 1 mailman mailman 7856 Mar 21
03:13 /usr/local/mailman/mail/mailman
However, the gid check in the wrapper checks the real
gid (the gid of the MTA) instead of the effective gid
(mailman). One fix is to have the wrapper set its real gid
to the effective gid as done by the attached mailman-
2.1.5-setregid.patch. This patch has been verified to
work with postfix and should work with all other MTAs.
see also
http://bugs.gentoo.org/show_bug.cgi?id=45439
----------------------------------------------------------------------
>Comment By: Tokio Kikuchi (tkikuchi)
Date: 2005-04-17 12:28
Message:
Logged In: YES
user_id=67709
Patch is not uploaded but the discussion above is invalid.
The script wrapper checks gid to confirm that it is invoked
by a proper user. Or, anyone on the system can maliciously
invoke the script to forge a post or something like that.
Remember that if you are to check the egid, you do not have
to check anything at all because the wrapper is already set
sgid flag.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=1184595&group_id=103
More information about the Mailman-coders
mailing list