
On Mon, 2014-06-16 at 14:00 -0700, Mark Sapiro wrote:
> On 06/16/2014 01:45 PM, Lindsay Haisley wrote:
>> If you have shell access on a Mailman host you can pretty much do as you wish, including circumventing a lot of Mailman's privacy walls, all without having system root access. This is both good and bad, obviously, and is mostly an argument for being cautious about who has terminal access on a server running Mailman.
>
> You still need sufficient access. E.g., config.pck files are not world readable, at least in a normal install, so you need to be root or in Mailman's group to access list information. Also, we tell you how to protect archives/private/ from non-root/mailman access by local users.

You're doubtless right, Mark. I did a cursory test here and could see whatever I wanted to see, but I do note that my shell user is in the mailman group, which probably explains why I could access the information.
-- Lindsay Haisley | "Everything works if you let it" FMP Computer Services | 512-259-1190 | --- The Roadie http://www.fmp.com |
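
An added example, not part of the original thread and not Mailman's own code: a permission audit for the two things discussed above, world-readable config.pck files and a private archive directory open to other local users, plus a listing of who is in Mailman's group. It assumes the Mailman 2.1 layout (`lists/<name>/config.pck` and `archives/private` under the install prefix) and a group named `mailman`; the function names and the sample tree are constructed for illustration.

```python
import grp
import os
import stat
import tempfile

def audit_mailman_tree(root):
    """Return (path, problem) pairs where mode bits expose list data to 'other' users."""
    findings = []
    lists_dir = os.path.join(root, "lists")
    names = sorted(os.listdir(lists_dir)) if os.path.isdir(lists_dir) else []
    for name in names:
        pck = os.path.join(lists_dir, name, "config.pck")
        if os.path.isfile(pck) and os.stat(pck).st_mode & stat.S_IROTH:
            findings.append((pck, "world-readable"))
    private = os.path.join(root, "archives", "private")
    if os.path.isdir(private) and os.stat(private).st_mode & stat.S_IRWXO:
        findings.append((private, "accessible to other users"))
    return findings

def group_members(group="mailman"):
    """Supplementary members of the group; these accounts bypass the 'other' bits.
    Accounts whose primary group is this one are not listed in gr_mem."""
    try:
        return sorted(grp.getgrnam(group).gr_mem)
    except KeyError:
        return []

def build_sample_tree():
    """Constructed sample: one tight list, one loose list, open private archives."""
    root = tempfile.mkdtemp(prefix="mm-audit-")
    for name, mode in (("tight", 0o660), ("loose", 0o664)):
        list_dir = os.path.join(root, "lists", name)
        os.makedirs(list_dir)
        pck = os.path.join(list_dir, "config.pck")
        with open(pck, "wb") as fh:
            fh.write(b"constructed placeholder, not a real pickle")
        os.chmod(pck, mode)
    private = os.path.join(root, "archives", "private")
    os.makedirs(private)
    os.chmod(private, 0o775)
    return root

if __name__ == "__main__":
    for path, problem in audit_mailman_tree(build_sample_tree()):
        print(f"{problem}: {path}")
    print("mailman group members:", group_members())
```

On a real host, pass the actual install prefix to `audit_mailman_tree` and review every account returned by `group_members`, since membership in that group is what made the list data readable in the test described above.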