[Mailman-Developers] Re: Security

J C Lawrence claw@kanga.nu
Mon, 23 Oct 2000 20:28:21 -0700


On Mon, 23 Oct 2000 23:03:47 -0400 (EDT) 
barry  <barry@wooz.org> wrote:

> I'm not sure what I can do, because I currently have no way of
> running Mailman 1.1.  

I would of course be willing to provide my entire install, plus the
(Debian) package it was installed from.

> I could take your files and upgrade them to 2.0 and see what
> happens, but I'd be surprised if I get the same hard crash.

Aye, that's an artificial and not very revealing test.

> As you say, Mailman isn't doing anything special and has no
> special privs.  How could that crash or hang your system?  Maybe
> it's tripping a bug in your MTA, web server, or OS.  What flavors
> and versions of those do you run?

Apache: 1.3.12
Exim: 3.10
Linux kernels: 2.2.10, 2.2.12, 2.2.16, 2.2.16+ReiserFS, 2.4.0-test9 or
               2.4.0-test9+ReiserFS

I'm certain the bug is not in Apache as it also occurs on post
passing straight to the list without going thru moderation.  It is
possible it is in Exim, tho I'd be extremely surprised.  For one
I've reinstalled all binaries from known good sources, and have
MD5ed all Exim files against both known good sources and the copies
installed on other happily running machines.  It is also unlikely
that the bug is in the kernel as I've reproduced the problem with
kernels built on other (untouched) machines and then installed on
the offending machine, and on kernels built locally from
cryptographically verified source balls.  

> Very odd.

Precisely.

As a total aside: I've become quite fond of ReiserFS.  I didn't have
it running previously to these problems, and only installed it when
I started crashing multiple times a day (while trying to figure out
why).  It's been a real life and time saver.

-- 
J C Lawrence                                 Home: claw@kanga.nu
---------(*)                               Other: coder@kanga.nu
http://www.kanga.nu/~claw/        Keys etc: finger claw@kanga.nu
--=| A man is as sane as he is dangerous to his environment |=--