Patches item #1184595, was opened at 2005-04-17 10:43 Message generated for change (Comment added) made by tkikuchi You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=300103&aid=1184595&group_id=103 Category: None Group: None

Status: Closed Resolution: Invalid Priority: 5 Submitted By: SvR Marty (svrmarty) Assigned to: Tokio Kikuchi (tkikuchi) Summary: setregid() to prevent group mismatch error with any MTA

Initial Comment: mailman should run with its own gid apart from the MTA. The mail wrapper is setgid to mailmain to allow this: rwxr-sr-x 1 mailman mailman 7856 Mar 21 03:13 /usr/local/mailman/mail/mailman However, the gid check in the wrapper checks the real gid (the gid of the MTA) instead of the effective gid (mailman). One fix is to have the wrapper set its real gid to the effective gid as done by the attached mailman- 2.1.5-setregid.patch. This patch has been verified to work with postfix and should work with all other MTAs. see also http://bugs.gentoo.org/show_bug.cgi?id=45439 ----------------------------------------------------------------------

Comment By: Tokio Kikuchi (tkikuchi) Date: 2005-04-17 12:28

Message: Logged In: YES user_id=67709 Patch is not uploaded but the discussion above is invalid. The script wrapper checks gid to confirm that it is invoked by a proper user. Or, anyone on the system can maliciously invoke the script to forge a post or something like that. Remember that if you are to check the egid, you do not have to check anything at all because the wrapper is already set sgid flag. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=300103&aid=1184595&group_id=103