[Mailman-Users] mmsitepass broken in v 2.1.5?
Brad Knowles
brad at stop.mail-abuse.org
Thu Sep 2 16:03:08 CEST 2004
At 1:35 PM +0100 2004-09-02, Richard Barrett quoted hesco at greens.org:
>> I'm a member of mailman, but am not root.
>> Do I break the installation by asking root
>> to reset these permissions with chmod g+w?
>
> It will only be a problem if your site manager thinks that it is a bad
> thing letting any userid which is a member of the mailman group change
> the site password.
IIRC, this poster is in a *BSD jail() environment, without the
root password -- which I think means that this jail is dedicated to
him. He got the guy with root password to change all these files,
but in this circumstance I don't think that worked quite the way they
expected.
Assuming I am correct, then changing the group writership of this
file shouldn't pose a greatly increased security risk, although he
should be aware that anyone who can get into the mailman group on the
bare machine would then be able to access and modify the files from
outside the jail.
Unfortunately, when you're trying to run something like this in a
chroot() or jail() environment that doesn't completely and totally
simulate a full virtual machine where you can have complete root
access to your entire "system", things tend to get a bit strange.
I think relatively few mailman admins are in this kind of
environment -- most either own the entire machine or they use list
hosting facilities provided by others, and not many are between these
extremes.
This also means that there are few experienced mailman admins who
can answer questions about chroot()/jail() strangeness based on prior
experience, or who can then put that kind of information into the
documentation, FAQ, etc....
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the Mailman-Users
mailing list