[Mailman-Users] problem with the openwall kernel patch and mailman

Andreas Marienborg omega at palle.net
Sun May 28 18:21:55 CEST 2000


Traceback (innermost last):
  File "/var/mailman/cron/checkdbs", line 87, in ?
    main()
  File "/var/mailman/cron/checkdbs", line 41, in main
    mlist = MailList.MailList(name)
  File "/var/mailman/Mailman/MailList.py", line 69, in __init__
    self.Load()
  File "/var/mailman/Mailman/MailList.py", line 858, in Load
    self.Lock()
  File "/var/mailman/Mailman/MailList.py", line 1300, in Lock
    self.__lock.lock()
  File "/var/mailman/Mailman/LockFile.py", line 209, in lock
    os.link(self.__lockfile, self.__tmpfname)
OSError: [Errno 1] Operation not permitted


I get this error in the checkdb and senddigests programs.

The errors started appearing after I upgraded to 2.2.15-ow1.

One of the ow1 patch's security-enhancing functions is restricting who
can own what in +t directories.

Snipped from ow1's README file:
---
Restricted links in /tmp
--------------------------

I've also added a link-in-+t restriction, originally for Linux 2.0 only,
by Andrew Tridgell.  I've updated it to prevent from using a hard link in
an attack instead, by not allowing regular users to create hard links to
files they don't own.  This is usually the desired behavior anyway, since
otherwise users couldn't remove such links they've just created in a +t
directory, and because of disk quotas.

Restricted FIFOs in /tmp
--------------------------

In addition to restricting links, you might also want to restrict writes
into untrusted FIFOs (named pipes), to make data spoofing attacks harder.
Enabling this option disallows writing into FIFOs not owned by the user in
+t directories, unless the owner is the same as that of the directory or
the FIFO is opened without the O_CREAT flag.
---- END SNIP ----

Does anyone know if this would be hard to fix in Mailman?


Andreas
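
Added example, not part of the original post and not Mailman code: a small diagnostic that lists which files in a lock directory the current user could not hard-link under the rule quoted from the README, then makes the same os.link() call as the traceback. The function names and the throwaway directory are assumptions, and the check models only the README sentence (non-root users may not hard-link files they don't own), not the patch's full logic.

```python
import errno
import os
import tempfile


def link_refused_by_owner_rule(path, uid):
    """Predict the README's rule: a regular (non-root) user may not
    hard-link a file owned by someone else. Models only that sentence."""
    return uid != 0 and os.stat(path).st_uid != uid


def audit_lock_dir(lockdir, uid):
    """Return [(path, owner_uid)] for regular files in lockdir that `uid`
    could not hard-link under the rule above."""
    refused = []
    for name in sorted(os.listdir(lockdir)):
        path = os.path.join(lockdir, name)
        if os.path.isfile(path) and link_refused_by_owner_rule(path, uid):
            refused.append((path, os.stat(path).st_uid))
    return refused


def try_link(src, dst):
    """Make the same os.link() call as the traceback; report EPERM
    instead of raising, and clean up on success."""
    try:
        os.link(src, dst)
    except OSError as exc:
        if exc.errno == errno.EPERM:
            return "EPERM"
        raise
    os.unlink(dst)
    return "ok"


if __name__ == "__main__":
    # Constructed sample: a throwaway directory standing in for the
    # site-specific Mailman lock directory.
    with tempfile.TemporaryDirectory() as lockdir:
        lock = os.path.join(lockdir, "example.lock")
        open(lock, "w").close()
        me = os.geteuid()
        print("refused for me:", audit_lock_dir(lockdir, me))
        print("refused for uid", me + 1, ":", audit_lock_dir(lockdir, me + 1))
        print("actual link attempt:", try_link(lock, lock + ".tmp"))
```

Run it as each account that touches the lists (cron user, web server user, mail delivery user); any file reported as refused is one whose os.link() would fail with EPERM for that account.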




