[ mailman-Bugs-1188133 ] CGI group id not properly tested
SourceForge.net
noreply at sourceforge.net
Sun Apr 24 01:49:20 CEST 2005
Bugs item #1188133, was opened at 2005-04-22 14:58
Message generated for change (Comment added) made by tkikuchi
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1188133&group_id=103
Category: Web/CGI
Group: 2.1 (stable)
>Status: Closed
>Resolution: Invalid
Priority: 5
Submitted By: Graham Klyne (grahamk)
Assigned to: Nobody/Anonymous (nobody)
Summary: CGI group id not properly tested
Initial Comment:
[I tried to send this to mailman-developers, but my
message was discarded]
I've just downloaded and installed the latest mailman
2.1.6rc1 and encountered a CGI permissions problem
(running with Apache 2.0 on Scientific Linux 3.04), for
which a patch is described in:
http://minaret.biz/tips/mailman.html
(briefly, replace getgid with getegid in common.c)
Applying this patch resolves the problem I was
experiencing.
Is there any reason this isn't applied in the mailman
distribution?
#g
----------------------------------------------------------------------
>Comment By: Tokio Kikuchi (tkikuchi)
Date: 2005-04-23 23:49
Message:
Logged In: YES
user_id=67709
The 'patch' and discussion in the page was invalid and
updated by the author. In general, you should not patch the
wrapper program. You can also read a good article on the
mailman security mechanism by John Dennis here:
http://mail.python.org/pipermail/mailman-developers/2005-April/017996.html
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1188133&group_id=103
More information about the Mailman-coders
mailing list