A list's config.pck should be accessible only to Mailman's group
Bug #1706714 reported by Mark Sapiro
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
GNU Mailman | In Progress | Low | Mark Sapiro |
Bug Description
Mailman's SETGID wrappers allow authorized non-Mailman groups to run Mailman code as Mailman's group. This can result in a list's config.pck being created by an unprivileged non-Mailman user. This user should not have access to the config.pck other than via the SETGID wrappers.
Changed in mailman:
milestone: 2.1.25 → none
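An added example, not part of the bug report or of Mailman's code: a small audit that lists every `config.pck` whose owner, group or mode departs from "accessible only to Mailman's group". The `<lists_dir>/<listname>/config.pck` layout, the default path, the `mailman` account and group names, and the policy of treating only listed uids as trusted owners are assumptions of this sketch.

```python
import os
import stat
from pathlib import Path


def audit_config_pck(lists_dir, mailman_gid, trusted_uids):
    """Return [(path, [problems])] for each config.pck that breaks the policy."""
    findings = []
    for pck in sorted(Path(lists_dir).glob("*/config.pck")):
        st = pck.lstat()  # lstat: do not follow a symlink planted in the list dir
        problems = []
        if not stat.S_ISREG(st.st_mode):
            problems.append("not a regular file")
        if st.st_gid != mailman_gid:
            problems.append(f"group gid {st.st_gid} is not Mailman's group")
        if st.st_uid not in trusted_uids:
            # The case in the report: the file was created through a SETGID
            # wrapper by some other account, which therefore owns it.
            problems.append(f"owner uid {st.st_uid} is not a trusted account")
        if st.st_mode & stat.S_IRWXO:
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"mode {mode:04o} grants access to others")
        if problems:
            findings.append((str(pck), problems))
    return findings


if __name__ == "__main__":
    import grp
    import pwd
    import sys

    # Assumed defaults; pass the real lists directory as the first argument.
    lists_dir = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/mailman/lists"
    gid = grp.getgrnam("mailman").gr_gid
    uids = {pwd.getpwnam("mailman").pw_uid}
    for path, problems in audit_config_pck(lists_dir, gid, uids):
        print(path)
        for problem in problems:
            print("  -", problem)
```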