Re: [Mailman-Developers] [Mailman-checkins] [Branch ~mailman-coders/mailman/2.1] Rev 1297: A new list poster password has been implemented. This password may only
Hi Mark, Thanks for taking care of these (as always!). I have one quick comment. On Apr 26, 2011, at 01:00 AM, noreply@launchpad.net wrote:
------------------------------------------------------------ revno: 1297 committer: Mark Sapiro <msapiro@value.net> branch nick: 2.1 timestamp: Mon 2011-04-25 16:52:35 -0700 message: A new list poster password has been implemented. This password may only be used in Approved: or X-Approved: headers for pre-approving posts. Using this password for that purpose precludes compromise of a more valuable password sent in plain text email. Bug #770581. modified: Mailman/Cgi/admin.py Mailman/Defaults.py.in Mailman/Handlers/Approve.py Mailman/SecurityManager.py Mailman/Version.py Mailman/versions.py NEWS
=== modified file 'Mailman/Defaults.py.in' --- Mailman/Defaults.py.in 2011-04-25 22:40:16 +0000 +++ Mailman/Defaults.py.in 2011-04-25 23:52:35 +0000 @@ -1375,6 +1375,11 @@ # option settings # - List creator, someone who can create and delete lists, but cannot # (necessarily) configure the list. +# - List poster, someone who can pre-approve her/his own posts to the list by +# including an Approved: or X-Approved: header or first body line pseudo- +# header containing the poster password. The list admin and moderator +# passwords can also be used for this purpose, but the poster password can +# only be used for this and nothing else. # - List moderator, someone who can tend to pending requests such as # subscription requests, or held messages # - List administrator, someone who has total control over a list, can @@ -1389,7 +1394,8 @@ AuthCreator = 2 # List Creator / Destroyer AuthListAdmin = 3 # List Administrator (total control over list) AuthListModerator = 4 # List Moderator (can only handle held requests) -AuthSiteAdmin = 5 # Site Administrator (total control over everything) +AuthListPoster = 5 # List poster (Approved: <pw> header in posts only) +AuthSiteAdmin = 6 # Site Administrator (total control over everything)
------------------------------------------------------------
While this is probably harmless, it does make me nervous. I'd probably have added the AuthListPoster as value 6 and left AuthSiteAdmin as 5. It's unlikely that someone has squirreled these values away, but if they have, this might break their code because their AuthSiteAdmin enum value is now AuthListPoster. I'll leave it up to you, but please consider changing AuthSiteAdmin back to 5 and adding AuthListPoster as 6. Cheers, -Barry
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 4/25/2011 6:30 PM, Barry Warsaw wrote:
@@ -1389,7 +1394,8 @@ AuthCreator = 2 # List Creator / Destroyer AuthListAdmin = 3 # List Administrator (total control over list) AuthListModerator = 4 # List Moderator (can only handle held requests) -AuthSiteAdmin = 5 # Site Administrator (total control over everything) +AuthListPoster = 5 # List poster (Approved: <pw> header in posts only) +AuthSiteAdmin = 6 # Site Administrator (total control over everything)
------------------------------------------------------------
While this is probably harmless, it does make me nervous. I'd probably have added the AuthListPoster as value 6 and left AuthSiteAdmin as 5. It's unlikely that someone has squirreled these values away, but if they have, this might break their code because their AuthSiteAdmin enum value is now AuthListPoster.
Thanks for the comment. I initially did just what you suggest, but I decided that was being more careful than necessary and esthetically, I liked it better this way. But, I didn't consider that someone might actually have code that saved the values, and although I think it's unlikely, the potential consequences could be serious, so I'll change it. - -- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFNtialVVuXXpU7hpMRAqOGAJ47KXG8BOGyoIZ6cjge7H5WzMfi7ACeOW40 1kcyliAC5AIJTcf3DYhOQ4E= =Tmg2 -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On Apr 25, 2011, at 06:57 PM, Mark Sapiro wrote:
Thanks for the comment. I initially did just what you suggest, but I decided that was being more careful than necessary and esthetically, I liked it better this way. But, I didn't consider that someone might actually have code that saved the values, and although I think it's unlikely, the potential consequences could be serious, so I'll change it.
Thanks Mark.
- -Barry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJNtxTDAAoJEBJutWOnSwa/A8wP/izzWFJokD+aNnEpVvbfqPOh ioR01lkyVQor/SveBlMJCShM9EAmZ5zQ2x85QnDKzsNawlvkZB/Ge6lP7Dt2Y5OM tOP8nrrGQUyl/h7kxq9BeffDTfxKkxW7Y5bvhqLwMCQCHTpEQI6S7GsFD8AnTCKL H2AMZAfAb9xBCaVBd6weKbx/2OVCSF9e8jmekYANjRhy0YFp0xMWm5UsOsCcyDsP H4hkQAwpigAMkYwZXnQWj9nC2MaeJuZw12PjQF+67CJQTMQ20S12k8ipzhFbHrKK Oy+UOoT0Sy2+x/G4vNx5qccw9ZjdOPnAdRCQQRZftJBUNaKhTcQ/8ScFnXitfTwj 6a6yWhO2I5JKuNf+pifgaRKhbBUzq8Rt+4OiU8CT69edQrQQkP1qeSP8JQaYVvH3 Hp1v+NfOtJdMOyntsHypMXAiTeppGTHW48EuyehRed4vwlsSRIs9McVAH96rmd2y JOCOHwd/G4uQuQUNey8ma5mxbJlShNSifXGctMPlobggUnj2lXt5h8y1FCJpTnpj Nt9gkOzuTUv4SI/cVliABJ/3gVx8Gg3nxxE/j1zA9GiXHa4/hI4eaTwwLZhNpGuH p1ym0btNLf/3Hz8Ef3dDLyCDIZ912ly0nhBVJfzhelEF0ZAiOqltsAz5kDd7gePo eDACvA+UB3xsq+kV2Nne =hNMt -----END PGP SIGNATURE-----
participants (2)
-
Barry Warsaw
-
Mark Sapiro