[ mailman-Bugs-777444 ] mailmanctl doesn't setgroups when run as root
Bugs item #777444, was opened at 2003-07-25 06:02
Message generated for change (Comment added) made by bwarsaw
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=777444&group_id=103

Category: security/privacy
Group: 2.1 (stable)

Initial Comment:
When mailmanctl is executed as root the checkprivs function performs setgid and setuid to reduce the process privileges.

But mailmanctl fails to set the supplemental groups of the process to those of the setuid'ed user, effectively leaving the processes with the same group privileges as root and, potentially, without the group privileges of the setuid'ed user.

This patch uses os.setgroups() to fix that.

Problem definition and solution by Jonas Meurer. I'm just filing the bug fix for him.

Apply the patch from within the Mailman build directory with:

patch -p1 < path-to-patch-file

----------------------------------------------------------------------
Comment By: Barry A. Warsaw (bwarsaw)
Date: 2003-12-14 12:58

Message:
Logged In: YES
user_id=12800

Accepted for Mailman 2.1.4, with a slight recoding; note that os.setgroups() isn't available in Python 2.1, which we still support.

----------------------------------------------------------------------

Comment By: Richard Barrett (ppsys)
Date: 2003-09-30 16:45

Message:
Logged In: YES
user_id=75166

grpsec-2.1.3-0.1.patch is a MM 2.1.3 compatible version of the patch

----------------------------------------------------------------------
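
The privilege drop described in the report, as an added example that is not Mailman's code or the attached patch: it replaces the inherited supplementary groups before setgid and setuid, then verifies the result. The function names and the injectable `os_mod`, `pwd_mod` and `groups` parameters are assumptions made for illustration, and the code assumes a Python where `os.setgroups()` exists.

```python
import grp
import os
import pwd


def supplementary_gids(username, primary_gid, groups=None):
    """Return the sorted GIDs `username` should hold: primary plus memberships."""
    groups = grp.getgrall() if groups is None else groups
    gids = {primary_gid}
    gids.update(g.gr_gid for g in groups if username in g.gr_mem)
    return sorted(gids)


def drop_privileges(username, os_mod=os, pwd_mod=pwd, groups=None):
    """Drop from root to `username`; return the group list that was applied.

    os_mod, pwd_mod and groups are injectable (hypothetical parameters) so the
    logic can be exercised without root.
    """
    if os_mod.getuid() != 0:
        return None  # not root: nothing to drop
    pw = pwd_mod.getpwnam(username)
    gids = supplementary_gids(username, pw.pw_gid, groups)
    # Order matters: setgroups() and setgid() need root, so setuid() is last.
    os_mod.setgroups(gids)   # replaces root's inherited supplementary groups
    os_mod.setgid(pw.pw_gid)
    os_mod.setuid(pw.pw_uid)
    # Fail closed if any part of the drop did not take effect.
    if (os_mod.getuid() != pw.pw_uid or os_mod.getgid() != pw.pw_gid
            or set(os_mod.getgroups()) != set(gids)):
        raise RuntimeError("privilege drop incomplete for %s" % username)
    return gids


if __name__ == "__main__":
    # Read-only check: compare what this process holds with what it should hold.
    me = pwd.getpwuid(os.getuid())
    print("held:    ", sorted(os.getgroups()))
    print("expected:", supplementary_gids(me.pw_name, me.pw_gid))
```

Run directly, the script only prints the current process's group list next to the expected one, which is a quick way to spot a daemon still carrying root's groups.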