[Bug 1269959] [NEW] check_perms does not change UID

Joshua Brandt joshua.brandt at cpanel.net
Thu Jan 16 22:56:53 CET 2014

*** This bug is a security vulnerability ***

Private security bug reported:

When running check_perms, the script fixes the GID for everything,
however it does not fix the UID, which could allow users to still have
access to those files.

Granted, it is a remote possibility, however I feel it is significant
enough to be fixed. I have included a patch in this report that will fix
it as well (as I cannot get Bazaar to play nice with me).

If you have any questions please feel free to ask them, I can be
contacted here, or at joshua.brandt at cpanel.net as well.

Joshua Brandt
cPanel Quality Assurance Analyst

** Affects: mailman
     Importance: Undecided
         Status: New

** Patch added: "This is a patch that will fix the script, since I can't seem to get Bazaar to play nice and get a good branch for me"

You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.

  check_perms does not change UID

To manage notifications about this bug go to:

More information about the Mailman-coders mailing list