Public bug reported: Mailman's SETGID wrappers allow authorized non-Mailman groups to run Mailman code as Mailman's group. This can result in a list's config.pck being created by an unprivileged non-Mailman user. This user should not have access to the config.pck other than via the SETGID wrappers. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1706714 Title: A list's config.pck should be accessible only to Mailman's group To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1706714/+subscriptions