[Bug 1269959] [NEW] check_perms does not change UID

Joshua Brandt joshua.brandt at cpanel.net
Thu Jan 16 22:56:53 CET 2014


*** This bug is a security vulnerability ***

Private security bug reported:

When running check_perms, the script fixes the GID for everything,
however it does not fix the UID, which could allow users to still have
access to those files.

Granted, it is a remote possibility, however I feel it is significant
enough to be fixed. I have included a patch in this report that will fix
it as well (as I cannot get Bazaar to play nice with me).

If you have any questions please feel free to ask them, I can be
contacted here, or at joshua.brandt at cpanel.net as well.

Cheers,
Joshua Brandt
cPanel Quality Assurance Analyst

** Affects: mailman
     Importance: Undecided
         Status: New

** Patch added: "This is a patch that will fix the script, since I can't seem to get Bazaar to play nice and get a good branch for me"
   https://bugs.launchpad.net/bugs/1269959/+attachment/3950418/+files/check_perms.patch

-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1269959

Title:
  check_perms does not change UID

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1269959/+subscriptions


More information about the Mailman-coders mailing list