[Mailman-Users] Creating New List via Web Interface

Christopher Schulte christopher at schulte.org
Fri Sep 17 21:56:52 CEST 1999

At 10:51 AM 9/17/99 -0700, you wrote:
 >> It also presents an entire new set of security concerns.  With
 >> sendmail, updating the aliases file is not enough, you also *as
 >> root* have to run 'newaliases'.  Mailman's great as it doesn't run
 >> as root (or doesn't have to, anyway).  That is a great option.

Agreed 100% no doubt.

 >True, tho this could be sidestpped by having a cronjob that
 >periodically checked the timestamp on the aliases file and then ran
 >newaliases (on any other command an MTA needed) as needed.  The web
 >interface would then mere contain something like, "Your new list has
 >been created and will become active (capable of receiving mail)
 >within the next NNN minutes."
 >Its certainly not an elegant solution.

It may not be "elegant" but I really like this idea much more than having 
any mailman binaries suid root.  The suid bit is not something that should 
be given lightly to ANY program.

I've not looked into the sendmail option to refresh the alias database as 
needed.  Does this require that sendmail be run as a daemon?  If so then 
you can forget the many people who use a third party smtp daemon which 
passes messages to sendmail directly rather than having it sit on port 25 
itself... and thus taking another suid program away from possible abuse.

 >J C Lawrence      Life: http://www.kanga.nu/   Home: claw at kanga.nu
 >---------(*)                Work (Linux/IA64): claw at varesearch.com
 > ... Beware of cromagnons wearing chewing gum and palm pilots ...

NAME: Christopher Schulte
MAIL: christopher at schulte.org
SITE: http://www.schulte.org/
FINGER: christopher at shell.schulte.org

The magic of cheese pizza should never be underestimated.

More information about the Mailman-Users mailing list