[ mailman-Bugs-1120477 ] Traceback in private.py after security patch
SourceForge.net
noreply at sourceforge.net
Fri Feb 11 12:32:00 CET 2005
Bugs item #1120477, was opened at 2005-02-10 19:39
Message generated for change (Comment added) made by rgoun
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1120477&group_id=103
Category: Web/CGI
Group: 2.1 (stable)
>Status: Closed
>Resolution: Invalid
Priority: 5
Submitted By: Roger H. Goun (rgoun)
Assigned to: Nobody/Anonymous (nobody)
Summary: Traceback in private.py after security patch
Initial Comment:
I applied the patch at http://www.list.org/CAN-2005-0202.txt to a Mailman 2.1.4 installation and restarted the Web server. The first time I tried to access the archives for a private list using an email address that's *not* subscribed to the list, I got the traceback below.
I backed out the patch and restarted the Web server. I now get the correct "Authorization failed." message.
Note that for the sake of paranoia I've obfuscated my email address, changed the names of private lists, and flipped a few bits in the cookie data and remote address below.
-- Roger
---------------
Bug in Mailman version 2.1.4
We're sorry, we hit a bug!
If you would like to help us identify the problem,
please email a copy of this page to the webmaster for
this site with a description of what happened. Thanks!
Traceback:
Traceback (most recent call last):
  File "/usr/local/mailman/scripts/driver", line 87, in run_main
    main()
  File "/usr/local/mailman/Mailman/Cgi/private.py", line 124, in main
    password, username):
  File "/usr/local/mailman/Mailman/SecurityManager.py", line 220, in WebAuthenticate
    ok = self.CheckCookie(ac, user)
  File "/usr/local/mailman/Mailman/SecurityManager.py", line 300, in CheckCookie
    ok = self.__checkone(c, authcontext, user)
  File "/usr/local/mailman/Mailman/SecurityManager.py", line 310, in __checkone
    key, secret = self.AuthContextInfo(authcontext, user)
  File "/usr/local/mailman/Mailman/SecurityManager.py", line 105, in AuthContextInfo
    secret = self.getMemberPassword(user)
  File "/usr/local/mailman/Mailman/OldStyleMemberships.py", line 102, in getMemberPassword
    raise Errors.NotAMemberError, member
NotAMemberError: roger-no at spam-bcah.com
Python information:
Variable Value
sys.version 2.2.2 (#1, Jan 30 2003, 21:26:22) [GCC 2.96 20000731 (Red Hat Linux 7.3 2.96-112)]
sys.executable /usr/bin/python2.2
sys.prefix /usr
sys.exec_prefix /usr
sys.path /usr
sys.platform linux2
Environment variables:
Variable Value
PATH_INFO /dfnh-foo/
HTTP_ACCEPT text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
CONTENT_TYPE application/x-www-form-urlencoded
HTTP_REFERER http://mail.democracyfornewhampshire.com/mailman/private/dfnh-foo/
SERVER_SOFTWARE Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_python/2.7.8 Python/1.5.2 mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2
PYTHONPATH /usr/local/mailman
SCRIPT_FILENAME /usr/local/mailman/cgi-bin/private
SERVER_ADMIN roger-no at spam-bcah.com
SCRIPT_NAME /mailman/private
SERVER_SIGNATURE Apache/1.3.27 Server at democracyfornewhampshire.com Port 80
REQUEST_METHOD POST
HTTP_HOST mail.democracyfornewhampshire.com
HTTP_KEEP_ALIVE 300
SERVER_PROTOCOL HTTP/1.1
QUERY_STRING
REQUEST_URI /mailman/private/dfnh-foo/
CONTENT_LENGTH 63
HTTP_ACCEPT_CHARSET ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_USER_AGENT Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0
HTTP_CONNECTION keep-alive
HTTP_COOKIE dfnh-board+user+roger-no--at--spam-bcah.com=280200000069caae0b42732800000063346130393963653330656239633862643737356337626437396561663334363862343563643536; dfnh-members+admin=280200000069dcee0b42732800000033353539613836343166396565376030323966663963313435646564633734303837666366666230
SERVER_NAME democracyfornewhampshire.com
REMOTE_ADDR 24.35.177.35
REMOTE_PORT 38224
HTTP_ACCEPT_LANGUAGE en-us,en;q=0.5
PATH_TRANSLATED /home/roger/democracyfornewhampshire.com/html/dfnh-foo/
SERVER_PORT 80
GATEWAY_INTERFACE CGI/1.1
HTTP_ACCEPT_ENCODING gzip,deflate
SERVER_ADDR 199.125.75.14
DOCUMENT_ROOT /home/roger/democracyfornewhampshire.com/html
----------------------------------------------------------------------
>Comment By: Roger H. Goun (rgoun)
Date: 2005-02-11 06:32
Message:
Logged In: YES
user_id=3950
I deleted cookies and tried again. This time I got the "Authorization failed." message.
Sorry for the false alarm.
----------------------------------------------------------------------
Comment By: Tokio Kikuchi (tkikuchi)
Date: 2005-02-10 20:33
Message:
Logged In: YES
user_id=67709
The security patch should have nothing to do with the traceback. Will you please try again after deleting cookies of this site?
(not disable but delete existing cookies)
----------------------------------------------------------------------