[ OpenInfo Home ] [ UP ]

Mailman Patch #777444 mailmanctl doesn't setgroups when run as root

Description

When mailmanctl is executed as root the checkprivs function performs setgid and setuid to reduce the process privileges.

But mailmanctl fails to set the supplemental groups of the process to those of the setuid'ed user, effectively leaving the processes with the same group privileges as root and, potentially, without the group privileges of the setuid'ed user.

This patch uses os.setgroups() to fix that.

Problem definition and solution originally by Jonas Meurer; I have just published the patch.

Applicability

Versions of this patch are avaliable for Mailman 2.1.2 and MM 2.1.3

The changes made by this patch have been incorporated into Mailman 2.1.4 and thus it is not required for that and later releases.

Necessary Precursors

None

Changes Made

This patch modifies mailmanctl to use os.setgroups() to set the processes groups when it is being run by root.

Applying the patch

Apply the patch from within the Mailman build directory using the command:

    patch -p1 < path-to-patch-file

Download Patch File

MM Version Download
2.1.4 Patch incorporated into Mailman source and no longer required.
2.1.3 Download
2.1.2 Download


Click to e-mail comments or complaints Last updated: 1-Jan-04 9:14 am

[ OpenInfo Home ] [ UP ]