[Mailman-Users] Web interface stopped working after ubuntu update

Mark Sapiro mark at msapiro.net
Wed Mar 29 11:51:23 EDT 2017 

On 03/28/2017 08:28 PM, Nick Wyman wrote:
> Hello,
> 
> I have an Ubuntu 14.04 server running apache2.4 and mailman.  This server has been running a few lists with no problems for over a year.  After updating some Ubuntu packages for security maintenance (unfortunately I don't know all that changed, but apache2 and mailman were unaltered), the web interface, e.g. mailman/listinfo now displays:
> 
> Mailman CGI error!!!
> 
> The Mailman CGI wrapper encountered a fatal error. This entry is being stored in your syslog:
> Operation not permitted
> 
> The apache2 config files are unchanged:
> 
> I have checked that the vhost for this domain is running with uid and gid www-data.
> Verified that I can run mailman/listinfo from the shell as www-data and receive a proper HTML response.
> 
> I enabled apache2 LogLevel trace3 and see that the request is getting through to mailman/listinfo, but no other info is logged.
> 
> No meaningful info is logged to syslog or mailman/logs.
> 
> It seems that something is failing inside the listinfo executable causing it to return error to the driver leading to the above response.  Is it possible to get more logging info from this process?   Perhaps a Python update has caused a script malfunction?


The error is "Operation not permitted". My best guess is this is
occurring at this point in the wrapper

#ifdef HAVE_SETREGID
        status = setregid(getegid(), -1);
        if (status)
                fatal(logident, SETREGID_FAILURE, "%s", strerror(errno));
#endif /* HAVE_SETREGID */

Do other CGIs (e.g. admin, admindb, private, options) fail the same way.

There should at least be something logged in /var/log/apache2/error.log
or wherever the error log is for the vhost. There is a 'syslog' call in
the wrapper, but it only writes the "Operation not permitted" message
that was displayed in the browser.

If you can find the exit status of the wrapper in the apache log, those
codes are defined as

/* Exit codes, so it's easier to distinguish what caused fatal errors when
 * looking at syslogs.
 */
#define GROUP_MISMATCH 2
#define SETREGID_FAILURE 3
#define EXECVE_FAILURE 4
#define MAIL_USAGE_ERROR 5
#define MAIL_ILLEGAL_COMMAND 6
#define ADDALIAS_USAGE_ERROR 7
#define GROUP_NAME_NOT_FOUND 8

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list