[Bug 1706714] [NEW] A list's config.pck should be accessible only to Mailman's group
Mark Sapiro
mark at msapiro.net
Wed Jul 26 12:55:24 EDT 2017
Public bug reported:
Mailman's SETGID wrappers allow authorized non-Mailman groups to run
Mailman code as Mailman's group. This can result in a list's config.pck
being created by an unprivileged non-Mailman user. This user should not
have access to the config.pck other than via the SETGID wrappers.
** Affects: mailman
Importance: Low
Assignee: Mark Sapiro (msapiro)
Status: In Progress
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1706714
Title:
A list's config.pck should be accessible only to Mailman's group
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1706714/+subscriptions
More information about the Mailman-coders
mailing list