GNU Mailman

mailmanctl doesn't setgroups when run as root

Bug #265943 reported by Ppsys on 2003-07-25

Affects		Status	Importance	Assigned to	Milestone
	GNU Mailman	Fix Released	Medium	Unassigned	GNU Mailman 2.1-stable

Bug Description

When mailmanctl is executed as root the checkprivs
function performs setgid and setuid to reduce the
process privileges.

But mailmanctl fails to set the supplemental groups of
the process to those of the setuid'ed user, effectively
leaving the
processes with the same group privileges as root and,
potentially, without the group privileges of the
setuid'ed user.

This patch uses os.setgroups() to fix that.

Problem definition and solution by Jonas Meurer.

I'm just filing the bug fix for him.

Apply the patch from within the Mailman build directory
with:

patch -p1 < path-to-patch-file

[http://sourceforge.net/tracker/index.php?func=detail&aid=777444&group_id=103&atid=100103]

Tags:

Revision history for this message

Ppsys (ppsys) wrote on 2003-07-25:

Corrective patch for MM 2.1.2 Edit (1.2 KiB, text/plain)

Revision history for this message

Ppsys (ppsys) wrote on 2003-10-01:

grpsec-2.1.3-0.1.patch is a MM 2.1.3 compatible version of the patch Edit (1.1 KiB, text/plain)

grpsec-2.1.3-0.1.patch is a MM 2.1.3 compatible version of the
patch

Revision history for this message

Barry Warsaw (barry) wrote on 2003-12-15:

Accepted for Mailman 2.1.4, with a slight recoding; note
that os.setgroups() isn't available in Python 2.1, which we
still support.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.