[Mailman-Developers] [ mailman-Bugs-664575 ] mailman 2.1 tarball permissions

Wed Jan 15 07:43:16 EST 2003

Bugs item #664575, was opened at 2003-01-08 14:24
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=664575&group_id=103

Category: configuring/installing
Group: 2.1 (stable)
Status: Open
Resolution: None
>Priority: 7
Submitted By: Barry A. Warsaw (bwarsaw)
Assigned to: Nobody/Anonymous (nobody)
Summary: mailman 2.1 tarball permissions

Initial Comment:
The tarball contains world writeable directories and
files by default. This
may be a problem on systems where users do not have a
sane umask or safe
directory permissions, allowing an attacker to modify
source code that is
later compiled (usually as root) and that is installed
setuid/setgid
(allowing for easy insertion of backdoors).
kurt at seifried.org

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=664575&group_id=103