[Bug 1706714] [NEW] A list's config.pck should be accessible only to Mailman's group
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
Public bug reported: Mailman's SETGID wrappers allow authorized non-Mailman groups to run Mailman code as Mailman's group. This can result in a list's config.pck being created by an unprivileged non-Mailman user. This user should not have access to the config.pck other than via the SETGID wrappers. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1706714 Title: A list's config.pck should be accessible only to Mailman's group To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1706714/+subscriptions
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
** Changed in: mailman Milestone: 2.1.25 => None -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1706714 Title: A list's config.pck should be accessible only to Mailman's group To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1706714/+subscriptions
participants (1)
-
Mark Sapiro