[Mailman-Users] Security consequences of adding www user to mailman group
James Riendeau
jtriende at wisc.edu
Thu Dec 18 16:08:36 CET 2008
I need to run bin/add_members in our Mailman 2.1.11 list server
installation from a CGI/Perl script. Normally, it has to run as
root. The easy solution was to add the www user to the mailman
group. You can then:
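# List-form pipe open: no shell is involved, so $list_name stays one argument.
open(LISTSERVER, '|-', '/usr/local/mailman/bin/add_members', '-r-', $list_name)
    or die "Cannot run add_members: $!";
print LISTSERVER $email;
close(LISTSERVER) or die "add_members failed (status $?)";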
My question is: are there any security consequences of adding the
Apache2 user to the mailman group that I should be aware of? I don't
want to inadvertently allow spammers to add themselves to our lists.
The CGI script that I'm using is well protected by pubcookie and IP
restriction to ensure that only authorized administrators can add new
addresses.
Thanks,
James Riendeau
MMI Computer Support Technician
Rm. 1541, Dept. of MedMicro
1550 Linden Drive
Madison, WI 53706-1521
Phone: (608) 262-3351
After-hours Phone: (608) 260-2696
Fax: (608) 262-8418
Email: jtriende at wisc.edu
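
The group change described in the post applies to every process running as the www user, not only to this one CGI script, so one way to gauge it is to list what the mailman group can write or read under the Mailman prefix. This is an added example, not part of the original post; the function names are hypothetical, the default group name is an assumption, and /usr/local/mailman is the prefix taken from the post's command.

```shell
#!/bin/sh
# Added example: list what membership in a group grants under a directory tree.
# Usage (assumed paths): sh audit.sh /usr/local/mailman mailman

# group_paths ROOT GROUP MODE -> paths whose group is GROUP with all MODE bits set.
# MODE is an octal group mask: 020 = group-writable, 040 = group-readable.
group_paths() {
    find "$1" -group "$2" -perm "-$3" -print 2>/dev/null | sort
}

# count_group_paths ROOT GROUP MODE -> number of matching paths
count_group_paths() {
    group_paths "$1" "$2" "$3" | wc -l | tr -d ' '
}

# report ROOT GROUP -> summary of what a new member of GROUP can touch
report() {
    echo "Group-writable by $2 under $1: $(count_group_paths "$1" "$2" 020)"
    echo "Group-readable by $2 under $1: $(count_group_paths "$1" "$2" 040)"
    echo "--- writable paths ---"
    group_paths "$1" "$2" 020
}

# Run only when a root directory is given, so sourcing has no side effects.
if [ "$#" -ge 1 ]; then
    report "$1" "${2:-mailman}"
fi
```

Running it before and after a permissions change shows whether the set of paths the web server user can modify has grown.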