[Mailman-Developers] URGENT!!!! security problems

Gergely Madarasz gorgo@caesar.elte.hu
Thu, 23 Jul 1998 19:05:38 +0200 (METDST)


Hello!

There are BIG security problems with mailman. For example, a list
administrator can subscribe an "email address" like this with mass
subscribe:

`touch /tmp/gotcha`

Then when someone sends mail to the list, the command is executed... this
means any list administrator can get access to the user running mailman
on the list server. I could not achieve the same when trying to
subscribe as a normal user, but I cannot say that it is safe. This needs a
very urgent fix.

Greg

P.S. Thanks to Endre Hirling <endre@dawn.elte.hu> for pointing this problem
out to me.

--
Madarasz Gergely           gorgo@caesar.elte.hu         gorgo@linux.rulez.org
      It's practically impossible to look at a penguin and feel angry.
          Egy pingvinre gyakorlatilag lehetetlen haragosan nezni.
              HuLUG: http://www.cab.u-szeged.hu/local/linux/
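
The following is an added example, not part of the original message and not Mailman's own code: it shows one way to reject entries like the one reported above at mass-subscribe time and to hand recipients to a delivery program as an argument list instead of a shell string. It assumes the stored address ends up on a shell command line at delivery time (the post does not say how the command gets run); the function names, the allowlist pattern and the stand-in delivery program are all hypothetical.

```python
import re
import subprocess
import sys

# Conservative allowlist (an assumption of this example, stricter than RFC 5322):
# no quoting, no spaces, no shell metacharacters, no leading "-".
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_ADDR_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+=-]*@" + _LABEL + r"(?:\." + _LABEL + r")+")

def is_safe_address(addr):
    """True only if the whole string matches the allowlist pattern."""
    return len(addr) <= 254 and _ADDR_RE.fullmatch(addr) is not None

def filter_mass_subscribe(text):
    """Split mass-subscribe input (one entry per line) into (accepted, rejected)."""
    accepted, rejected = [], []
    for line in text.splitlines():
        entry = line.strip()
        if entry:
            (accepted if is_safe_address(entry) else rejected).append(entry)
    return accepted, rejected

def delivery_argv(program_argv, sender, recipients):
    """Build an argv list for the delivery program; never a shell string."""
    for addr in [sender, *recipients]:
        if not is_safe_address(addr):  # second check at the point of use
            raise ValueError("refusing unsafe address: %r" % addr)
    # "--" ends option parsing so no recipient can be read as a flag.
    return [*program_argv, "-f", sender, "--", *recipients]

def run_delivery(argv, message):
    """Run the delivery program directly (no shell), message on stdin."""
    return subprocess.run(argv, input=message, capture_output=True,
                          text=True, shell=False, check=True).stdout

# Constructed sample input: two ordinary entries plus the string from the post.
SAMPLE = "alice@example.org\n`touch /tmp/gotcha`\nbob@lists.example.net\n"
# Stand-in for the MTA (assumption): a child Python that prints its arguments.
STAND_IN = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]

if __name__ == "__main__":
    ok, bad = filter_mass_subscribe(SAMPLE)
    print("accepted:", ok, "rejected:", bad)
    out = run_delivery(delivery_argv(STAND_IN, "list-bounces@example.org", ok), "hi\n")
    print(out)
```

Validating at subscription time and again where the argument list is built means an entry that reached the member list by another path is still refused before any program is started.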