[ mailman-Bugs-1105972 ] archive permissions
Bugs item #1105972, was opened at 2005-01-20 13:36 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1105972&group_id=103 Category: security/privacy Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: Jason Gallagher (windowlicker) Assigned to: Nobody/Anonymous (nobody) Summary: archive permissions Initial Comment: Mailman archive directories are created with owner apache:mailman and permissions drwxrwsr-x (substitute whatever user the webserver runs as for 'apache'). This means the contents are vulnerable to being renamed (or in the case of index.html deleted/modified) by any CGI script running as the default user on the same webserver. One fix would be to use the SuexecUserGroup directive in the case where apache is being used. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1105972&group_id=103
participants (1)
-
SourceForge.net