mailman 2.1 tarball permissions
Bug #265840 reported by
Barry Warsaw
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
New
|
High
|
Unassigned |
Bug Description
The tarball contains world writeable directories and
files by default. This
may be a problem on systems where users do not have a
sane umask or safe
directory permissions, allowing an attacker to modify
source code that is
later compiled (usually as root) and that is installed
setuid/setgid
(allowing for easy insertion of backdoors).
<email address hidden>
[http://
To post a comment you must log in.