mailmanctl doesn't setgroups when run as root
Bug #265943 reported by
Ppsys
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
Fix Released
|
Medium
|
Unassigned |
Bug Description
When mailmanctl is executed as root the checkprivs
function performs setgid and setuid to reduce the
process privileges.
But mailmanctl fails to set the supplemental groups of
the process to those of the setuid'ed user, effectively
leaving the
processes with the same group privileges as root and,
potentially, without the group privileges of the
setuid'ed user.
This patch uses os.setgroups() to fix that.
Problem definition and solution by Jonas Meurer.
I'm just filing the bug fix for him.
Apply the patch from within the Mailman build directory
with:
patch -p1 < path-to-patch-file
[http://
To post a comment you must log in.
grpsec- 2.1.3-0. 1.patch is a MM 2.1.3 compatible version of the
patch