CGI group id not properly tested
Bug #266225 reported by
Grahamk
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
Invalid
|
Medium
|
Unassigned |
Bug Description
[I tried to send this to mailman-developers, but my
message was discarded]
I've just downloaded and installed the latest mailman
2.1.6rc1 and encountered a CGI permissions problem
(running with Apache 2.0 on Scientific Linux 3.04), for
which a patch is described in:
http://
(briefly, replace getgid with getegid in common.c)
Applying this patch resolves the problem I was
experiencing.
Is there any reason this isn't applied in the mailman
distribution?
#g
[http://
To post a comment you must log in.
The 'patch' and discussion in the page was invalid and mail.python. org/pipermail/ mailman- developers/ 2005-April/ 017996. html
updated by the author. In general, you should not patch the
wrapper program. You can also read a good article on the
mailman security mechanism by John Dennis here:
http://