Mailman's log files are world readable
Bug #1327404 reported by
Mark Sapiro
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
Fix Released
|
Medium
|
Mark Sapiro |
Bug Description
Mailman creates log files with permissions -rw-rw-r--. This allows possibly untrusted local users to read those logs and possibly find sensitive information therein.
The same is true of lists/LISTNAME/
Related branches
description: | updated |
Changed in mailman: | |
status: | In Progress → Fix Committed |
Changed in mailman: | |
milestone: | 2.1.19 → 2.1.19rc1 |
status: | Fix Committed → Fix Released |
To post a comment you must log in.