
i have installed mailman as part of pilot project to test out new mailing list managers for work.

i had to change the ./mailman/mail/wrapper program to check for multiple uids and gids to get the cron jobs to work properly (uid and gid were that of mailman when sending out results).

has this been incorporated into mailmanv1.0b1.2 yet? if not, here's a patch to ./src/mail-wrapper.c (the same change can be applied to the other legal_caller() functions in the wrappers):

--- src/mail-wrapper.c Tue Jun 10 12:31:16 1997 +++ src/mail-wrappernew.c Thu Apr 9 03:41:32 1998 @@ -37,9 +37,18 @@ NULL /* Sentinal, don't remove */ }; -/* Should make these arrays too... */ -const int LEGAL_PARENT_UID = 8; /* mail's UID */ -const int LEGAL_PARENT_GID = 12; /* mail's GID */ + +const int LEGAL_PARENT_UIDS[] = { + 1, /* mail's uid */ + 537, /* mailman's uid */ + -1 /* Sentinel, don't remove */ +}; + +const int LEGAL_PARENT_GIDS[] = { + 1, /* mail's gid */ + 100, /* mailman's gid */ + -1 /* Sentinel, don't remove */ +}; /* @@ -77,20 +86,45 @@ ** is the parent process allowed to call us? */ int legal_caller() { - /* compare to our parent's uid */ - if(LEGAL_PARENT_UID != getuid()) + int uid, gid, isok, idi; + isok = 0; + idi = 0; + uid = getuid(); + while (LEGAL_PARENT_UIDS[idi] != -1) + { + if(LEGAL_PARENT_UIDS[idi] == uid) + { + isok = 1; + break; + } + idi++; + } + if ( isok == 0) { - fprintf(f,"GOT UID %d.\n", getuid()); - return 0; + fprintf(f,"GOT UID %d.\n", uid); + return 0; } - if(LEGAL_PARENT_GID != getgid()) + isok = 0; + idi = 0; + gid = getgid(); + while (LEGAL_PARENT_GIDS[idi] != -1) { - fprintf(f,"GOT GID %d.\n", getgid()); - return 0; + if(LEGAL_PARENT_GIDS[idi] == gid) + { + isok = 1; + break; + } + idi++; + } + if ( isok == 0) + { + fprintf(f,"GOT GID %d.\n", gid); + return 0; } return 1; } + int valid_command(char *command){ int i = 0; 
@@ -119,7 +153,7 @@ i = strlen(argv[1]) + strlen(COMMAND_LOCATION) + 2; command = (char *)malloc(sizeof(char) * i); sprintf(command, "%s/%s", COMMAND_LOCATION, argv[1]); - + fprintf(f, "command is %s\n", command); if(!valid_command(argv[1])){ fprintf(f,"Illegal command.\n"); } Scott Cotton IC Group, Inc
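Review bot: in the first hunk, the new LEGAL_PARENT_UIDS and LEGAL_PARENT_GIDS tables hard-code site-specific numbers (537 and 100 for mailman, and 1 for mail where the removed constants had 8 and 12), so applying this unchanged alters which caller is accepted as mail on any other install. These values should come from a build-time setting or be clearly marked as per-site edits, with a comment stating that a caller must match one entry from each list. The added comments spell it "Sentinel" while the unchanged context line above has "Sentinal"; make them consistent.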
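Review bot: in legal_caller(), the uid and the gid are matched against their lists independently, so any listed uid combined with any listed gid is accepted (for example uid 1 with gid 100), which is wider than the single uid/gid pair the old code allowed. If only specific pairs are meant to pass, store them as pairs and match both in one pass. The two while loops differ only in the array they walk, so a small helper that takes the list and the id would remove the duplication and the reused isok/idi state; getuid() and getgid() return uid_t and gid_t, so assigning them to int deserves matching types or an explicit cast.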
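Review bot: in the last hunk, the added fprintf(f, "command is %s\n", command); writes the path built from argv[1] to the log before valid_command(argv[1]) has run, so unvalidated caller input reaches the log, and the line reads like leftover debugging unrelated to the uid/gid change. Drop it from this patch, or move it after the valid_command() check so only accepted commands are logged.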

On Thu, 9 Apr 1998, Scott wrote:
> i have installed mailman as part of pilot project to test out new mailing list managers for work.
>
> i had to change the ./mailman/mail/wrapper program to check for multiple uids and gids to get the cron jobs to work properly (uid and gid were that of mailman when sending out results).
>
> has this been incorporated into mailmanv1.0b1.2 yet? if not, here's a patch to ./src/mail-wrapper.c (the same change can be applied to the other legal_caller() functions in the wrappers):

This sounds fine. Note that the next release will have a somewhat simpler wrapper situation - john has consolidated all the cgi wrappers into a single source file, so there now is a total of three wrappers - the generic cgi wrapper (which is parameterized to create an executable for each of the cgi scripts), the mail-wrapper, and the aliases wrapper.
Ken

On Thu, Apr 09, 1998 at 11:47:45AM -0400, Ken Manheimer wrote:
| On Thu, 9 Apr 1998, Scott wrote:
|
| > i have installed mailman as part of pilot project to test out new
| > mailing list managers for work.
| >
| > i had to change the ./mailman/mail/wrapper program to check for
| > multiple uids and gids to get the cron jobs to work properly (uid and
| > gid were that of mailman when sending out results).
| >
| > has this been incorporated into mailmanv1.0b1.2 yet? if not, here's a
| > patch to ./src/mail-wrapper.c (the same change can be applied to the
| > other legal_caller() functions in the wrappers):
|
| This sounds fine. Note that the next release will have a somewhat
| simpler wrapper situation - john has consolidated all the cgi wrappers
| into a single source file, so there now is a total of three wrappers -
| the generic cgi wrapper (which is parameterized to create an executable
| for each of the cgi scripts), the mail-wrapper, and the aliases wrapper.

One more thing that may make the installation easier would be to have a single header file that is #included in each c source file with something like

/* legal parent uid's of the wrapper ./mailman/mail/wrapper */
const int LEGAL_MAIL_PUIDS[] = {
    0,   /* root */
    1,   /* bin */
    537, /* mailman */
    -1,  /* Sentinel, do not remove */
};

or if there's a worry of defining unused variables:
#ifdef MAIL_WRAPPER
[declaration]
#endif
along with a '#define MAIL_WRAPPER 1' in mail-wrapper.c
this way, whoever is installing the program would only have to edit one file to play with the calling uid and gid.
Scott Cotton IC Group, Inc.
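
The single-header layout suggested in the message above, as an added example that is not from the thread or from Mailman: the per-wrapper lists sit behind #ifdef and one helper does the lookup for every wrapper. The names ID_SENTINEL, LEGAL_MAIL_PGIDS, id_in_list and ids_allowed, and the use of stderr in place of the wrapper's log file f, are assumptions; the id values are the sample numbers quoted in the thread.

```c
/* Added example, not Mailman source. Names and id values are assumptions. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define MAIL_WRAPPER 1          /* would sit in mail-wrapper.c before the #include */

/* ---- contents of the hypothetical shared header ---- */
#define ID_SENTINEL (-1L)       /* terminates every id list */
#ifdef MAIL_WRAPPER
static const long LEGAL_MAIL_PUIDS[] = { 0, 1, 537, ID_SENTINEL }; /* sample uids */
static const long LEGAL_MAIL_PGIDS[] = { 1, 100, ID_SENTINEL };    /* sample gids */
#endif

/* Return 1 if id appears before the sentinel, else 0 (empty list denies all). */
static int id_in_list(const long *list, long id)
{
    for (; *list != ID_SENTINEL; list++)
        if (*list == id)
            return 1;
    return 0;
}

/* One check shared by every wrapper: uid and gid must each be listed. */
static int ids_allowed(const long *uids, const long *gids, uid_t uid, gid_t gid)
{
    if (!id_in_list(uids, (long)uid)) {
        fprintf(stderr, "GOT UID %ld.\n", (long)uid);
        return 0;
    }
    if (!id_in_list(gids, (long)gid)) {
        fprintf(stderr, "GOT GID %ld.\n", (long)gid);
        return 0;
    }
    return 1;
}

/* Is the parent process allowed to call us? */
int legal_caller(void)
{
    return ids_allowed(LEGAL_MAIL_PUIDS, LEGAL_MAIL_PGIDS, getuid(), getgid());
}

int main(void)
{
    return legal_caller() ? 0 : 1;   /* exit status 0 when the caller is allowed */
}
```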