[ mailman-Bugs-777444 ] mailmanctl doesn't setgroups when run as root

SourceForge.net noreply at sourceforge.net
Tue Sep 30 16:45:39 EDT 2003


Bugs item #777444, was opened at 2003-07-25 10:02
Message generated for change (Comment added) made by ppsys
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=777444&group_id=103

Category: security/privacy
Group: 2.1 (stable)
Status: Open
Resolution: None
Priority: 5
Submitted By: Richard Barrett (ppsys)
Assigned to: Nobody/Anonymous (nobody)
Summary: mailmanctl doesn't setgroups when run as root

Initial Comment:
When mailmanctl is executed as root the checkprivs function performs setgid and setuid to reduce the process privileges.

But mailmanctl fails to set the supplemental groups of the process to those of the setuid'ed user, effectively leaving the processes with the same group privileges as root and, potentially, without the group privileges of the setuid'ed user.

This patch uses os.setgroups() to fix that.

Problem definition and solution by Jonas Meurer.

I'm just filing the bug fix for him.

Apply the patch from within the Mailman build directory with:

patch -p1 < path-to-patch-file

----------------------------------------------------------------------

>Comment By: Richard Barrett (ppsys)
Date: 2003-09-30 20:45

Message:
Logged In: YES 
user_id=75166

grpsec-2.1.3-0.1.patch is a MM 2.1.3 compatible version of the patch

----------------------------------------------------------------------
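
Added example, not part of the tracker item and not the Mailman patch itself: a sketch of the privilege-drop order the report describes (setgroups, then setgid, then setuid), with a check that fails closed if root's supplementary groups survive. The helper names, the FakeOS stand-in and the sample group table are constructed for illustration; a real caller would pass the os module and entries from grp.getgrall().

```python
import os
from collections import namedtuple

# Constructed sample group database (name, gid, members); not real Mailman data.
Group = namedtuple("Group", "gr_name gr_gid gr_mem")
SAMPLE_GROUPS = [
    Group("root", 0, ["root"]),
    Group("wheel", 10, ["root"]),
    Group("mailman", 41, []),
    Group("mail", 12, ["mailman", "postfix"]),
]

def supplementary_groups(user, primary_gid, group_db):
    """Gids the user should hold: primary gid plus every group listing the user."""
    gids = {primary_gid}
    gids.update(g.gr_gid for g in group_db if user in g.gr_mem)
    return sorted(gids)

def drop_privileges(uid, gid, groups, osmod=os):
    """Drop from root to uid/gid. Order matters: setgroups and setgid need
    root, so both must happen before setuid gives root up."""
    osmod.setgroups(groups)   # replace root's inherited supplementary groups
    osmod.setgid(gid)
    osmod.setuid(uid)
    # Verify rather than assume: fail closed if any unexpected group remains.
    leftover = set(osmod.getgroups()) - set(groups)
    if leftover or osmod.getuid() != uid or osmod.getgid() != gid:
        raise RuntimeError("privilege drop incomplete: %r" % sorted(leftover))

class FakeOS:
    """Stand-in for the os module so the sequence can be run without root."""
    def __init__(self, uid, gid, groups, honour_setgroups=True):
        self.uid, self.gid, self.groups = uid, gid, list(groups)
        self.honour_setgroups = honour_setgroups  # False models the reported bug
        self.calls = []
    def setgroups(self, groups):
        self.calls.append("setgroups")
        if self.honour_setgroups:
            self.groups = list(groups)
    def setgid(self, gid):
        self.calls.append("setgid")
        self.gid = gid
    def setuid(self, uid):
        self.calls.append("setuid")
        self.uid = uid
    def getgroups(self): return list(self.groups)
    def getuid(self): return self.uid
    def getgid(self): return self.gid
```

With honour_setgroups=False the fake keeps root's groups after setgid/setuid, which is the state the report describes, and drop_privileges raises instead of continuing.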
