[Bug 1491187] [NEW] mailmanctl check_privs should check effective uid, not real uid
Mark Sapiro
mark at msapiro.net
Wed Sep 2 02:04:05 CEST 2015
Public bug reported:
Situations can arise where mailmanctl is running with an effective uid
of 'mailman' and a real uid of 'root'. Such a situation is if logrotate
does 'su mailman mailman' to rotate mailman's logs and then invokes
'mailmanctl reopen' in a postrotate script.
In this case, mailmanctl gets its real uid which is 'root' and then
tries to do os.setgroups, but the effective uid is 'mailman' which
doesn't have permission to set groups.
** Affects: mailman
Importance: Medium
Assignee: Mark Sapiro (msapiro)
Status: In Progress
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1491187
Title:
mailmanctl check_privs should check effective uid, not real uid
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1491187/+subscriptions
More information about the Mailman-coders
mailing list