[ mailman-Bugs-474616 ] SECURITY: Pipermail permissions problem
Bugs item #474616, was opened at 2001-10-24 22:35 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103 Category: Pipermail Group: None Status: Closed Resolution: Wont Fix Priority: 8 Submitted By: H. Peter Anvin (hpa) Assigned to: Nobody/Anonymous (nobody) Summary: SECURITY: Pipermail permissions problem Initial Comment: $mailman_root/archive/private is o+x in the default installation. This allows anyone with local access to the machine to read the archives of private mailing lists, as long as they know the (trivial) structure of the files beneath this directory. I have verified that changing this directory to o-x causes *all* pipermail pages to become inaccessible, so that does not resolve the problem. There presumably needs to be a setgid program involved which can verify that the user is authenticated and give access to the archives if appropriate; then that directory can be made o-x. ---------------------------------------------------------------------- Comment By: Arne Georg Gleditsch (argggh) Date: 2002-06-05 11:00 Message: Logged In: YES user_id=387572 I'm not comfortable with this remaining unfixed. Is there any reason it couldn't be handled by doing --- Mailman/Archiver/Archiver.py 15 Feb 2002 16:28:03 -0000 1.1 +++ Mailman/Archiver/Archiver.py 5 Jun 2002 08:54:18 -0000 @@ -250,8 +250,12 @@ self._internal_name + '.mbox') privmbox = self.archive_directory + '.mbox' if self.archive_private: + os.chmod(privdir, 02770) + os.chmod(privmbox, 02770) breaklink(pubdir) breaklink(pubmbox) else: + os.chmod(privdir, 02775) + os.chmod(privmbox, 02775) makelink(privdir, pubdir) makelink(privmbox, pubmbox) or something? ---------------------------------------------------------------------- Comment By: Barry A. Warsaw (bwarsaw) Date: 2002-04-12 00:40 Message: Logged In: YES user_id=12800 I'm not inclined to fix this, since this arrangement is crucial to the web security of private archives. Since Mailman is usually run on mail and/or web servers that have very limited access anyway, I don't consider this an important vulnerability. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103
participants (1)
-
noreply@sourceforge.net