[Mailman-Users] Everything's a bug?
bug at aphid.net
Sun Aug 13 07:39:24 CEST 2000
Wrote Virginia Beauregard on Sat, Aug 12, 2000 at 05:36:44PM -0400:
> On Fri, 11 Aug 2000, Jeme A Brelin wrote:
> > I do have suexec enabled. I'm a bit concerned because this makes all cgi
> > run as the user that owns it (rather than the webserver user). The
> > INSTALL file specifically warns against running some things with the
> > mailman GID. Unfortunately I need suexec. Are they incompatible?
> I do not believe suEXEC and Mailman are compatible with the initial
> installation of Mailman. Why? Double check the suEXEC security model,
> (1) 13.Is the directory within the Apache webspace?
I set --suexec-docroot to /home and do everything from there, because
that's where all my virtual host document roots were and I couldn't
handle moving them all to something more secure.. Luckily this meant
mailman fine in /home/mailman.
> (2) 14.Is the directory NOT writable by anyone else?
> This is fundamentally incompatible with the default Mailman
> $ ls -ld /data/mailman/cgi-bin
> drwxrwsr-x 2 mail mailman 4096 Aug 10 19:56 /data/mailman/cgi-bin/
> (3) 17.Is the target program NOT setuid or setgid?
Which is very annoying because make install and check_perms always reset
these permissions even though they are not necessary and do not work in
my situation - it would be nice if check_perms was a little more
[ charles hamilton dale <bug at aphid.net> ]
More information about the Mailman-Users