[Mailman-Users] Options page bombing out on a security violation

Hank van Cleef vancleef at lostwells.net
Tue Jan 2 22:47:47 CET 2007


I'm attaching a user's description of something about 20 of my users are
reporting on a fresh install of Mailman 2.1.9.  I've edited the user
identity, and am including configuration info following the forwarded
mail.  I'm baffled, because I cannot get this problem to happen from 
any of the systems at my site, and some users (unfortunately, all of 
the computer-literate types who might be able to help) aren't getting it
either.  

> 
> I too am suffering from the
> 
> "High security alert!!!
> You are not permitted to download the file "user at userdomain.com".
> 
> URL = http://bronze.lostwells.net/mailman/options/mercedes/user@userdomain.com"
> 
> when trying to switch off the mail
> 
> path followed is as follows:-
> 
> 
> 
> 1, http://www.lostwells.net/mailman/listinfo/mercedes
> 
> 2, click on "unsubscribe or edit options" button
> 
> 3, http://bronze.lostwells.net/mailman/options/mercedes
> 
> 4, sign in with normal login details, the page refreshes with all the
> parameters viewable
> 
> 5, disable mail delivery and click "submit my changes"
> 
> 6, High Security message at the url
> http://bronze.lostwells.net/mailman/options/mercedes/user@userdomain.com
> 
> ===================================================

Configuration details: Solaris 9 on Sun Ultra 10
Python 2.5
Mailman 2.1.9

Since I am taking over hosting for a list that was running on a Mailman
2.1.4 installation, I built a local 2.1.4 tree, created the list, then
copied the old site config.pck over the newly-created one.  Then I built
2.1.9 and upgraded the 2.1.4 tree.

# cd /usr/local/mailman
# ./bin/check_perms
No problems found

Hank


-- 
Hank van Cleef (vancleef at lostwells.net, hvanclee at nyx.net)
1986 420SEL "A stranger in paradise" (Fremont Co. Wyoming)
1986 GMC 1500 6.2 diesel pickup "Seen one, seen them all"

