[ mailman-Bugs-1120477 ] Traceback in private.py after security patch
Bugs item #1120477, was opened at 2005-02-10 19:39
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1120477&group_id=103

Category: Web/CGI
Group: 2.1 (stable)
Status: Open
Resolution: None
Priority: 5
Submitted By: Roger H. Goun (rgoun)
Assigned to: Nobody/Anonymous (nobody)
Summary: Traceback in private.py after security patch

Initial Comment:
I applied the patch at http://www.list.org/CAN-2005-0202.txt to a Mailman 2.1.4 installation and restarted the Web server. The first time I tried to access the archives for a private list using an email address that's *not* subscribed to the list, I got the traceback below.

I backed out the patch and restarted the Web server. I now get the correct "Authorization failed." message.

Note that for the sake of paranoia I've obfuscated my email address, changed the names of private lists, and flipped a few bits in the cookie data and remote address below.

-- Roger

---------------

Bug in Mailman version 2.1.4

We're sorry, we hit a bug!

If you would like to help us identify the problem, please email a copy of this page to the webmaster for this site with a description of what happened. Thanks!
Traceback:

Traceback (most recent call last):
  File "/usr/local/mailman/scripts/driver", line 87, in run_main
    main()
  File "/usr/local/mailman/Mailman/Cgi/private.py", line 124, in main
    password, username):
  File "/usr/local/mailman/Mailman/SecurityManager.py", line 220, in WebAuthenticate
    ok = self.CheckCookie(ac, user)
  File "/usr/local/mailman/Mailman/SecurityManager.py", line 300, in CheckCookie
    ok = self.__checkone(c, authcontext, user)
  File "/usr/local/mailman/Mailman/SecurityManager.py", line 310, in __checkone
    key, secret = self.AuthContextInfo(authcontext, user)
  File "/usr/local/mailman/Mailman/SecurityManager.py", line 105, in AuthContextInfo
    secret = self.getMemberPassword(user)
  File "/usr/local/mailman/Mailman/OldStyleMemberships.py", line 102, in getMemberPassword
    raise Errors.NotAMemberError, member
NotAMemberError: roger-no@spam-bcah.com

Python information:

Variable          Value
sys.version       2.2.2 (#1, Jan 30 2003, 21:26:22) [GCC 2.96 20000731 (Red Hat Linux 7.3 2.96-112)]
sys.executable    /usr/bin/python2.2
sys.prefix        /usr
sys.exec_prefix   /usr
sys.path          /usr
sys.platform      linux2

Environment variables:

Variable              Value
PATH_INFO             /dfnh-foo/
HTTP_ACCEPT           text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
CONTENT_TYPE          application/x-www-form-urlencoded
HTTP_REFERER          http://mail.democracyfornewhampshire.com/mailman/private/dfnh-foo/
SERVER_SOFTWARE       Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_python/2.7.8 Python/1.5.2 mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2
PYTHONPATH            /usr/local/mailman
SCRIPT_FILENAME       /usr/local/mailman/cgi-bin/private
SERVER_ADMIN          roger-no@spam-bcah.com
SCRIPT_NAME           /mailman/private
SERVER_SIGNATURE      Apache/1.3.27 Server at democracyfornewhampshire.com Port 80
REQUEST_METHOD        POST
HTTP_HOST             mail.democracyfornewhampshire.com
HTTP_KEEP_ALIVE       300
SERVER_PROTOCOL       HTTP/1.1
QUERY_STRING
REQUEST_URI           /mailman/private/dfnh-foo/
CONTENT_LENGTH        63
HTTP_ACCEPT_CHARSET   ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_USER_AGENT       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0
HTTP_CONNECTION       keep-alive
HTTP_COOKIE           dfnh-board+user+roger-no--at--spam-bcah.com=280200000069caae0b42732800000063346130393963653330656239633862643737356337626437396561663334363862343563643536; dfnh-members+admin=280200000069dcee0b42732800000033353539613836343166396565376030323966663963313435646564633734303837666366666230
SERVER_NAME           democracyfornewhampshire.com
REMOTE_ADDR           24.35.177.35
REMOTE_PORT           38224
HTTP_ACCEPT_LANGUAGE  en-us,en;q=0.5
PATH_TRANSLATED       /home/roger/democracyfornewhampshire.com/html/dfnh-foo/
SERVER_PORT           80
GATEWAY_INTERFACE     CGI/1.1
HTTP_ACCEPT_ENCODING  gzip,deflate
SERVER_ADDR           199.125.75.14
DOCUMENT_ROOT         /home/roger/democracyfornewhampshire.com/html

----------------------------------------------------------------------
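
The failure mode shown in the traceback above, modelled as an added example that is not part of the original report and is not Mailman's code: a cookie check that looks up the password of an address with no membership record lets `NotAMemberError` escape to the CGI front end, while a fail-closed variant returns the same "Authorization failed." result as any other bad credential. `PrivateList`, its methods, `handle_request`, the HMAC token scheme and the sample addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac


class NotAMemberError(Exception):
    """No membership record for the address (exception name from the traceback)."""


class PrivateList:
    # Hypothetical stand-in for a list object; not Mailman's MailList class.
    def __init__(self, name, members):
        self.name = name
        self._members = dict(members)  # address -> password (constructed data)

    def get_member_password(self, user):
        try:
            return self._members[user]
        except KeyError:
            raise NotAMemberError(user) from None

    def _token(self, user, secret):
        # Model-only cookie value: HMAC over "<list>+user+<address>".
        key = "%s+user+%s" % (self.name, user)
        return hmac.new(secret.encode(), key.encode(), hashlib.sha256).hexdigest()

    def check_cookie_fragile(self, user, cookie):
        # The lookup failure propagates to the caller, as in the reported traceback.
        secret = self.get_member_password(user)
        return hmac.compare_digest(self._token(user, secret), cookie)

    def check_cookie_fail_closed(self, user, cookie):
        # An unknown address is an authentication failure, not a server error.
        try:
            secret = self.get_member_password(user)
        except NotAMemberError:
            return False
        return hmac.compare_digest(self._token(user, secret), cookie)


def handle_request(check, user, cookie):
    """Return the page text a CGI front end would render for this check."""
    try:
        return "archive index" if check(user, cookie) else "Authorization failed."
    except Exception:
        # Generic page only: no traceback, cookie values or environment dump.
        return "Internal error."
```

The `handle_request` wrapper reflects a second point visible in the report: the bug page echoed cookie values and the client address back to the browser, which is why the reporter had to obfuscate them before posting.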