[Bug 1327404] [NEW] Mailman's log files are world readable
Public bug reported: Mailman creates log files with permissions -rw-rw-r--. This allows possibly untrusted local users to read those logs and possibly find sensitive information therein. The same is true of lists/LISTNAME/request.pck files. ** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1327404 Title: Mailman's log files are world readable To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1327404/+subscriptions
** Description changed: Mailman creates log files with permissions -rw-rw-r--. This allows possibly untrusted local users to read those logs and possibly find sensitive information therein. - The same is true of lists/LISTNAME/request.pck files. + The same is true of lists/LISTNAME/request.pck files and data/heldmsg-* + files. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1327404 Title: Mailman's log files are world readable To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1327404/+subscriptions
** Branch linked: lp:mailman/2.1 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1327404 Title: Mailman's log files are world readable To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1327404/+subscriptions
** Changed in: mailman Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1327404 Title: Mailman's log files are world readable To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1327404/+subscriptions
** Changed in: mailman Status: Fix Committed => Fix Released ** Changed in: mailman Milestone: 2.1.19 => 2.1.19rc1 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1327404 Title: Mailman's log files are world readable To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1327404/+subscriptions
participants (2)
-
Launchpad Bug Tracker -
Mark Sapiro