archive permissions
Bug #266182 reported by
Windowlicker
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
New
|
Medium
|
Unassigned |
Bug Description
Mailman archive directories are created with owner
apache:mailman and permissions drwxrwsr-x (substitute
whatever user the webserver runs as for 'apache'). This
means the contents are vulnerable to being renamed (or
in the case of index.html deleted/modified) by any CGI
script running as the default user on the same webserver.
One fix would be to use the SuexecUserGroup directive
in the case where apache is being used.
[http://
To post a comment you must log in.