[ mailman-Bugs-1105972 ] archive permissions
SourceForge.net
noreply at sourceforge.net
Thu Jan 20 14:36:09 CET 2005
Bugs item #1105972, was opened at 2005-01-20 13:36
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1105972&group_id=103
Category: security/privacy
Group: 2.1 (stable)
Status: Open
Resolution: None
Priority: 5
Submitted By: Jason Gallagher (windowlicker)
Assigned to: Nobody/Anonymous (nobody)
Summary: archive permissions
Initial Comment:
Mailman archive directories are created with owner
apache:mailman and permissions drwxrwsr-x (substitute
whatever user the webserver runs as for 'apache'). This
means the contents are vulnerable to being renamed (or
in the case of index.html deleted/modified) by any CGI
script running as the default user on the same webserver.
One fix would be to use the SuexecUserGroup directive
in the case where apache is being used.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1105972&group_id=103
More information about the Mailman-coders
mailing list