Re: [Mailman-Developers] [Mailman-Users] Permission of data/bounce-events-?????.pck
imacat wrote:
I noted that in the source of mailman 2.1.7 there are 2 lines in bin/mailmanctl:
line 421-422
    # Clear our file mode creation umask
    os.umask(0)
Is this intended? Is it the reason why data/bounce-events-?????.pck are world-writable?
It looks like you're right. I don't know if there is/was a good reason or not. I'm cross posting this reply to Mailman-Developers. Maybe someone there knows the reason for this.
Note that many places in the Mailman code, umask is saved and set for a particular purpose and then restored, but BounceRunner doesn't do this when creating the bounce-events-*.pck. I don't know why.
--
Mark Sapiro <msapiro@value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
I could use a little explanation on this issue.
I was checking my system for world-writable files, and found lots of
data/bounce-events-?????.pck that are world-writable:
    imacat@rinse ~ % ls -lt /var/lib/mailman/data | grep 'rw. '
    -rw-rw-rw- 1 list list 0 2006-01-31 01:26 bounce-events-02258.pck
    -rw-rw-rw- 1 list list 4786 2005-12-26 17:36 bounce-events-26086.pck
    ...
    imacat@rinse ~ %
I felt weird, so I looked into the mailman 2.1.7 source, and found
such lines in bin/mailmanctl:
line 421-422
    # Clear our file mode creation umask
    os.umask(0)
I checked the umask when running the init script (copied from
scripts/mailman) on boot, inserted "touch /var/tmp/mailman.umask.test" and rebooted. The result is sane, but a new world-writable bounce-events-?????.pck was created altogether. Apparently bin/mailmanctl did not inherit the umask from its parent init script:
    imacat@rinse ~ % ls -l /var/tmp/mailman.umask.test
    -rw-r--r-- 1 root root 0 2006-02-02 02:52 /var/tmp/mailman.umask.test
    imacat@rinse ~ % ls -l /var/lib/mailman/data/bounce-events-*.pck
    -rw-rw-rw- 1 list list 0 2006-02-02 02:41 /var/lib/mailman/data/bounce-events-02211.pck
    imacat@rinse ~ %
I searched the archive. I know that these long-gone
data/bounce-events-?????.pck can be safely removed. But I'm a little worried about this "world-writable" thing. Is it intended? Mark told me these files are safe. That's fine. But I still find it confusing:
1. Even if they are safe, it'll still create confusion when someone
tries to dump them for debugging purposes, if tampered.
2. Even if they are safe, will other files created by
bin/mailmanctl, maybe accidentally, be world-writable, too?
3. Will other processes raised by bin/mailmanctl, maybe accidentally,
inherit this umask and create world-writable files by surprise, too?
4. Finally, is it necessary to clear the umask to 0?
I'm not quite familiar with python, so forgive me if I didn't send any
patch on this. It may not be appropriate, either, for the whole umask operation seems to be quite complicated in bin/mailmanctl and an improper patch may ruin it.
On Wed, 1 Feb 2006 14:13:25 -0800 Mark Sapiro <msapiro@value.net> wrote:
imacat wrote:
I noted that in the source of mailman 2.1.7 there are 2 lines in bin/mailmanctl:
line 421-422
    # Clear our file mode creation umask
    os.umask(0)
Is this intended? Is it the reason why data/bounce-events-?????.pck are world-writable?
It looks like you're right. I don't know if there is/was a good reason or not. I'm cross posting this reply to Mailman-Developers. Maybe someone there knows the reason for this.
Note that many places in the Mailman code, umask is saved and set for a particular purpose and then restored, but BounceRunner doesn't do this when creating the bounce-events-*.pck. I don't know why.
--
Best regards,
imacat ^_*' <imacat@mail.imacat.idv.tw>
PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt

<<Woman's Voice>> News: http://www.wov.idv.tw/
Tavern IMACAT's: http://www.imacat.idv.tw/
TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug
imacat wrote:
I noted that in the source of mailman 2.1.7 there are 2 lines in bin/mailmanctl:
line 421-422
    # Clear our file mode creation umask
    os.umask(0)
Is this intended? Is it the reason why data/bounce-events-?????.pck are world-writable?
There doesn't appear to be a good reason. This has been changed for Mailman 2.1.8 so that the 'default' umask will be 007 and also the specific creation of the bounce-events queue file will have no permission for 'other'.
The changes to bin/mailmanctl and Mailman/Queue/BounceRunner.py have been committed to CVS and can be seen (soon) at <http://cvs.sourceforge.net/viewcvs.py/mailman/mailman/>.
--
Mark Sapiro <msapiro@value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
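The umask behaviour discussed in this thread, as an added Python 3 example that is not Mailman's code and not part of any post: it creates files under umask 0 and umask 007, creates one with an explicit mode, and then lists which files ended up writable by 'other'. The function names and the bounce-events-0000N.pck file names are constructed for the illustration.

```python
import os
import stat
import tempfile

def create_with_umask(path, umask):
    """Create path with a plain open() under the given umask; return its mode bits."""
    old = os.umask(umask)              # save the previous umask
    try:
        with open(path, "w"):          # open() requests 0666, the umask strips bits
            pass
    finally:
        os.umask(old)                  # restore it (the save/set/restore pattern)
    return stat.S_IMODE(os.stat(path).st_mode)

def create_private(path, mode=0o660):
    """Create path with an explicit mode, so 'other' gets nothing even under umask 0."""
    old = os.umask(0)                  # worst case: the daemon cleared its umask
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
        os.close(fd)
    finally:
        os.umask(old)
    return stat.S_IMODE(os.stat(path).st_mode)

def world_writable(directory):
    """Return sorted names of regular files in directory that 'other' can write."""
    hits = []
    for entry in os.scandir(directory):
        if entry.is_file(follow_symlinks=False):
            if entry.stat(follow_symlinks=False).st_mode & stat.S_IWOTH:
                hits.append(entry.name)
    return sorted(hits)

def demo():
    """Run the three creation variants in a scratch directory (constructed names)."""
    with tempfile.TemporaryDirectory() as d:
        modes = {
            "umask 0": create_with_umask(os.path.join(d, "bounce-events-00001.pck"), 0),
            "umask 007": create_with_umask(os.path.join(d, "bounce-events-00002.pck"), 0o007),
            "explicit 0660": create_private(os.path.join(d, "bounce-events-00003.pck")),
        }
        return modes, world_writable(d)

if __name__ == "__main__":
    modes, exposed = demo()
    for label, mode in modes.items():
        print(f"{label:14} -> {oct(mode)}")
    print("world-writable:", exposed)
```

Pointing `world_writable()` at a real data directory gives the same check as the `ls -lt ... | grep 'rw. '` audit shown earlier in the thread.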
On Sat, 4 Feb 2006 21:16:44 -0800 Mark Sapiro <msapiro@value.net> wrote:
imacat wrote:
I noted that in the source of mailman 2.1.7 there are 2 lines in bin/mailmanctl:
line 421-422
    # Clear our file mode creation umask
    os.umask(0)
Is this intended? Is it the reason why data/bounce-events-?????.pck are world-writable?
There doesn't appear to be a good reason. This has been changed for Mailman 2.1.8 so that the 'default' umask will be 007 and also the specific creation of the bounce-events queue file will have no permission for 'other'.
It's so great to hear that. ^_^ I shall be waiting for the release.
--
Best regards,
imacat ^_*' <imacat@mail.imacat.idv.tw>
PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt

<<Woman's Voice>> News: http://www.wov.idv.tw/
Tavern IMACAT's: http://www.imacat.idv.tw/
TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug