[Mailman-Users] Is there a security hole in Mailman?

Jim Popovitch jimpop at yahoo.com
Mon Feb 13 21:53:52 CET 2006

Mark Sapiro wrote:
> As far as your original question is concerned, I don't think we're
> aware of any way for list names/posting addresses to be available via
> your web server as long as your lists are not 'advertised', your
> archives are private and your web server runs as a user/group that
> can't directly access your Mailman installation.

Side question:  If the webserver is running as a user/group that can't 
directly access the Mailman installation, how can Mailman web interfaces 
work?  Perhaps you mean something else by the above?

-Jim P.

More information about the Mailman-Users mailing list