[Mailman-Developers] Mailman 2.0.5 patch

Marc MERLIN marc_news@valinux.com
Fri, 4 May 2001 13:49:38 -0700

On Fri, May 04, 2001 at 04:25:52PM -0400, Barry A. Warsaw wrote:
> The problem is that while the dolist() step happens unconditionally,
> it only needs to be done if it updates the archive_directory or
> private_archive_file_dir attributes.  Below is a patch to skip this
> step if those attrs don't need to be upgraded.
Great, thanks.
>     MM> Would you accept a patch that made update change its uid to
>     MM> mailman (requiring make install to be ran as root or mailman)
>     MM> for everyone?
> I'm not so sure.  Say I install Mailman as user `barry', I don't want
> to be running the upgrade as user `mailman'.

Yeah, I figured that afterwards. Fair enough.

> Probably a better approach is to refuse to run update if the effective
> uid doesn't equal mm_cfg.MAILMAN_UID.  On the other hand, the attached

Mmmh, that will fail for you when you do make install as barry, then.
Letme think.
How about
if euid != mm_cfg.MAILMAN_UID:
   if euid == 0
       setgid (mm_cfg.MAILMAN_GID)
       setuid (mm_cfg.MAILMAN_UID)
This way,  when you  install as root,  it setuids to  mailman first,  if you
install as  mailman, everything is  fine too, and  if you install  as barry,
that continues  to work  (although it obviously  won't work  with restricted

> patch might be enough.  On the third hand, maybe bin/update should
> just be culled of all ability to upgrade from a pre-2.0 revision?  In
> that case, I'll bet bin/update can just go away.

The upgrade code is probably useful to  some. I don't mind it myself as long
as it doesn't try to run on my machines when I upgrade from 2.0.x to 2.0.y.

I'll apply your patch  to my tree when I upgrade mailman on  my 3 other list
servers, and I'll report back.

Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f@merlins.org for PGP key