[Mailman-Developers] Mailman, hard links and the Openwall (fw)

claw@kanga.nu claw@kanga.nu
Sun, 28 Nov 1999 20:19:40 -0800


This seems a little offbeat, but should be addressed:

J C Lawrence                                 Home: claw@kanga.nu
----------(*)                              Other: coder@kanga.nu
--=| A man is as sane as he is dangerous to his environment |=--


Date: Sun, 28 Nov 1999 23:01:30 +0100
From: Marek Habersack <grendel@vip.net.pl>
To: debian-devel@lists.debian.org
Subject: Mailman, hard links and the Openwall
Message-ID: <19991128230130.A20329@vip.net.pl>


Hi *,

  Some of you probably know the Solar Designer's OpenWall security patches
to the Linux kernel. One of the features of these patches is the ability to
prevent users from creating symlinks and hardlinks in /tmp to files they
don't own. Some time ago my Mailman stopped working and I didn't associate
the security warning messages popping up on a screen with the Solar
Designer's patch which I have just applied to the 2.2.13 kernel. Recently,
however, I decided to look at what might be the problem causing Mailman to
fail. It turns out that Mailman uses hard links in /tmp to files in the
/var/lib/mailman/lists/listname/* files and also to lock some other files.
The problem is that those files are owned by root.list with mode 664
(mostly) and the httpd daemon (Roxen in my case) runs the Mailman scripts as
nobody or list. The Solar Designer's code refuses to create sym- and
hardlinks to those files and Python raises an exception causing Mailman to
abort. Now, I see no reason for the files to be owned by root.list - after
making the httpd execute Mailman scripts with UID 38 (list) and changing the
ownership of the entire Mailman directory tree to list.list everything
started to work smoothly again. Therefore, I think the postinst Mailman
script should change the ownership of the files to list.list.


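An added example, not part of the original post and not Mailman's own code: a pre-flight audit an administrator could run before enabling a link restriction like the one described above. It lists the files a given UID does not own and probes a real hard-link attempt. The function names and the sample tree are hypothetical, and the ownership rule is the simplified one stated in the post.

```python
import os
import stat
import tempfile


def link_blockers(tree, run_uid):
    """List regular files under `tree` that `run_uid` does not own.

    Assumption: the owner-only rule exactly as the post states it (no
    hard links to files you don't own); the kernel patch itself may
    apply further conditions.
    """
    blocked = []
    for root, _dirs, files in os.walk(tree):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: judge the entry, not a symlink target
            if stat.S_ISREG(st.st_mode) and st.st_uid != run_uid:
                blocked.append(path)
    return sorted(blocked)


def probe_link(target, link_dir):
    """Attempt the real operation: hard-link `target` into `link_dir`.

    Returns None on success, else the errno the kernel reported.
    `link_dir` must be on the same filesystem as `target`.
    """
    link = os.path.join(link_dir, "probe-%d.lnk" % os.getpid())
    try:
        os.link(target, link)
    except OSError as exc:
        return exc.errno
    os.unlink(link)
    return None


if __name__ == "__main__":
    # Constructed sample tree standing in for a Mailman lists directory.
    with tempfile.TemporaryDirectory() as top:
        listdir = os.path.join(top, "lists", "test-list")
        os.makedirs(listdir)
        cfg = os.path.join(listdir, "config.db")
        open(cfg, "w").close()
        me = os.geteuid()
        print("blocked for current uid:", link_blockers(top, me))
        print("blocked for uid 38:", link_blockers(top, 38))
        print("probe errno:", probe_link(cfg, listdir))
```

Run against the real tree with the UID the web server uses for the scripts; an empty list from `link_blockers` means the owner-only rule would not stop that UID from linking to any file in the tree.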