Permissions

Bug #265347 reported by Godisch-users
Affects: GNU Mailman
Status: Invalid
Importance: Medium
Assigned to: Barry Warsaw
Milestone: (none listed)

Bug Description

$prefix/logs/* and $prefix/lists/*/next-digest* should not be
world-readable by default. Maybe also $prefix/lists with respect to
non-advertised lists.

[http://sourceforge.net/tracker/index.php?func=detail&aid=216303&group_id=103&atid=100103]

Barry Warsaw (barry) wrote :

I agree in principle, however I worry about the operational side effects of
changing it this late in the 2.0 release cycle. I will re-address this for
2.1.

Godisch-users (godisch-users) wrote :

Also $prefix/lists/*/request.db is 0664 by default and these files
temporarily contain user passwords!

Godisch-users (godisch-users) wrote :

Also $prefix/data/pending_subscriptions.db is worldwide readable and
contains user passwords -- everything in cleartext of course.
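
An audit of the paths named in this report, as an added example that is not part of the original bug thread and is not Mailman's own code. The function name audit_mailman_perms is hypothetical; its one argument is the Mailman install prefix ($prefix above).

```shell
#!/bin/sh
# Added example: list the files named in this report that are world-readable.
# Usage: audit_mailman_perms /path/to/prefix
# Prints one path per line. Returns 0 if nothing is world-readable,
# 1 if at least one file is, 2 if the prefix does not exist.
audit_mailman_perms() {
    prefix=$1
    if [ ! -d "$prefix" ]; then
        echo "no such directory: $prefix" >&2
        return 2
    fi
    found=$(
        {
            # $prefix/logs/*: every log file
            [ -d "$prefix/logs" ] &&
                find "$prefix/logs" -type f -perm -004
            # $prefix/lists/*/next-digest* and $prefix/lists/*/request.db
            [ -d "$prefix/lists" ] &&
                find "$prefix/lists" -type f \
                    \( -name 'next-digest*' -o -name 'request.db' \) \
                    -perm -004
            # $prefix/data/pending_subscriptions.db
            [ -d "$prefix/data" ] &&
                find "$prefix/data" -type f \
                    -name 'pending_subscriptions.db' -perm -004
        } | sort
    )
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}
```

-perm -004 matches any file whose "other" read bit is set, so a 0664 request.db is reported while a 0660 one is not.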
