GNU Mailman

CGI group id not properly tested

Bug #266225 reported by Grahamk on 2005-04-22

Affects		Status	Importance	Assigned to	Milestone
	GNU Mailman	Invalid	Medium	Unassigned	GNU Mailman 2.1-stable

Bug Description

[I tried to send this to mailman-developers, but my
message was discarded]

I've just downloaded and installed the latest mailman
2.1.6rc1 and encountered a CGI permissions problem
(running with Apache 2.0 on Scientific Linux 3.04), for
which a patch is described in:
http://minaret.biz/tips/mailman.html

(briefly, replace getgid with getegid in common.c)

Applying this patch resolves the problem I was
experiencing.

Is there any reason this isn't applied in the mailman
distribution?

[http://sourceforge.net/tracker/index.php?func=detail&aid=1188133&group_id=103&atid=100103]

Tags:

Revision history for this message

Tokio Kikuchi (tkikuchi) wrote on 2005-04-24:

The 'patch' and discussion in the page was invalid and
updated by the author. In general, you should not patch the
wrapper program. You can also read a good article on the
mailman security mechanism by John Dennis here:
http://mail.python.org/pipermail/mailman-developers/2005-April/017996.html

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.