GNU Mailman

Mailman's log files are world readable

Bug #1327404 reported by Mark Sapiro on 2014-06-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	GNU Mailman	Fix Released	Medium	Mark Sapiro	GNU Mailman 2.1.19rc1

Bug Description

Mailman creates log files with permissions -rw-rw-r--. This allows possibly untrusted local users to read those logs and possibly find sensitive information therein.

The same is true of lists/LISTNAME/request.pck files and data/heldmsg-* files.

See original description

Related branches

lp:mailman/2.1

Mark Sapiro (msapiro) on 2014-06-06

description:

updated

Mark Sapiro (msapiro) on 2014-06-06

Changed in mailman:
status:	In Progress → Fix Committed

Mark Sapiro (msapiro) on 2015-01-30

Changed in mailman:
milestone:	2.1.19 → 2.1.19rc1
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.