[Mailman-Developers] Tracking down a permissions bug in attachments

Andrew Mellinger andrew_lists at crashbox.com
Fri Jan 23 12:27:45 EST 2004 

Y'all,

  I think I may have found a bug with the attachments code and hoped that
you guys could give me some input.

  When trying to save an attachment my installation of mailman provides the
following error.

+----

Jan 23 07:05:52 2004 (24615) Traceback (most recent call last):
  File "/usr/pkg/lib/mailman/Mailman/Queue/Runner.py", line 110, in _oneloop
    self._onefile(msg, msgdata)
  File "/usr/pkg/lib/mailman/Mailman/Queue/Runner.py", line 160, in _onefile
    keepqueued = self._dispose(mlist, msg, msgdata)
  File "/usr/pkg/lib/mailman/Mailman/Queue/ArchRunner.py", line 73, in
_dispose
    mlist.ArchiveMail(msg)
  File "/usr/pkg/lib/mailman/Mailman/Archiver/Archiver.py", line 208, in
ArchiveMail
    h.processUnixMailbox(f)
  File "/usr/pkg/lib/mailman/Mailman/Archiver/pipermail.py", line 544, in
processUnixMailbox
    m = mbox.next()
  File "/usr/pkg/lib/python2.2/mailbox.py", line 34, in next
    return self.factory(_Subfile(self.fp, start, stop))
  File "/usr/pkg/lib/mailman/Mailman/Mailbox.py", line 89, in scrubber
    return mailbox.scrub(msg)
  File "/usr/pkg/lib/mailman/Mailman/Mailbox.py", line 109, in scrub
    return self._scrubber(self._mlist, msg)
  File "/usr/pkg/lib/mailman/Mailman/Handlers/Scrubber.py", line 219, in
process
    url = save_attachment(mlist, part, dir, filter_html=0)
  File "/usr/pkg/lib/mailman/Mailman/Handlers/Scrubber.py", line 344, in
save_attachment
    makedirs(fsdir)
  File "/usr/pkg/lib/mailman/Mailman/Handlers/Scrubber.py", line 336, in
makedirs
    os.path.walk(dir, twiddle, None)
  File "/usr/pkg/lib/python2.2/posixpath.py", line 279, in walk
    func(arg, top, names)
  File "/usr/pkg/lib/mailman/Mailman/Handlers/Scrubber.py", line 335, in
twiddle
    os.chmod(dirname, 02775)
OSError: [Errno 1] Operation not permitted:
'/var/db/mailman/archives/private/rq-rules/attachments/20040123/72aeb309'

+----------

  Now, it looks to me like Mailman is trying to set permissions on the newly
created directory to 02775.  I'm running on NetBSD which doesn't let anyone
but the superuser set the 2000 (setuid) bit.  I imagine this setting (02775)
was done for linux which overloads the setuid bit for as 'set group' on new
files.

  Does this sound like a good assessment?  If so, is there a generic way to
turn this sort of thing off in a config?  (I searched by couldn't find
anything.)  Isn't this something that should be handled at build time?

  Thanks for any feedback!

-Andrew

More information about the Mailman-Developers mailing list