mailmanctl is executed as root the
checkprivs function performs
setuid to reduce the process privileges.
But mailmanctl fails to set the supplemental groups of the process to those of the
setuid'ed user, effectively leaving the processes with the same group privileges as root and, potentially, without the group privileges of the
This patch uses
os.setgroups() to fix that.
Problem definition and solution originally by Jonas Meurer; I have just published the patch.
Versions of this patch are avaliable for Mailman 2.1.2 and MM 2.1.3
The changes made by this patch have been incorporated into Mailman 2.1.4 and thus it is not required for that and later releases.
This patch modifies
mailmanctl to use
os.setgroups() to set the processes groups when it is being run by root.
Apply the patch from within the Mailman build directory using the command:
patch -p1 < path-to-patch-file
|2.1.4||Patch incorporated into Mailman source and no longer required.|
|Click to e-mail comments or complaints||Last updated: 1-Jan-04 9:14 am|