On Wed, July 18, 2012 14:09, Thorsten Glaser wrote: >> This means that any (php/perl/python) script running with the webserver >> privileges can potentially read/write to /var/lib/mailman/data . > > Hrm. So does the other way: mailman can read/write apache's stuff. > It may not be quite that big an attack surface, but... *shrug* > > I think fix_perms -f should be run in postinst, once. And if we > want to adopt your way round, fix_perms must be fixed... gah.
Well, I don't think we must run check_perms -f at all, we need to install things in the way we think the permissions are correct, not run some script later to change them. Indeed this entire bug stems from the conflict that there is between the need of Mailman to write to that directory (as list), and for Mailman (as www-data) to be able to read it. In any case it will be necessary for the www-data user to gain permission to read the archives. Afterall, there's no other way to make private archives work. The concept that on a shared host with Apache using www-data different apps can read eachother's data must be considered known to the admin - this goes for any web app you install in such a scenario. Cheers, Thijs -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
