2.1] Rev 1489: Mailman's log files, request.pck files and heldmsg-* files are no

noreply Fri, 06 Jun 2014 13:37:35 -0700

------------------------------------------------------------
revno: 1489
fixes bug: https://launchpad.net/bugs/1327404
committer: Mark Sapiro <[email protected]>
branch nick: 2.1
timestamp: Fri 2014-06-06 13:27:44 -0700
message:
  Mailman's log files, request.pck files and heldmsg-* files are no
  longer created world readable to protect against access by untrusted
  local users.
modified:
  Mailman/ListAdmin.py
  Mailman/Logging/Logger.py
  NEWS



--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1

Your team Mailman Checkins is subscribed to branch lp:mailman/2.1.
To unsubscribe from this branch go to 
https://code.launchpad.net/~mailman-coders/mailman/2.1/+edit-subscription

=== modified file 'Mailman/ListAdmin.py'
--- Mailman/ListAdmin.py	2014-03-22 03:47:45 +0000
+++ Mailman/ListAdmin.py	2014-06-06 20:27:44 +0000
@@ -101,7 +101,7 @@
             # should we be as paranoid as for the config.pck file?  Should we
             # use pickle?
             tmpfile = self.__filename + '.tmp'
-            omask = os.umask(002)
+            omask = os.umask(007)
             try:
                 fp = open(tmpfile, 'w')
                 try:
@@ -194,7 +194,7 @@
         else:
             ext = 'txt'
         filename = 'heldmsg-%s-%d.%s' % (self.internal_name(), id, ext)
-        omask = os.umask(002)
+        omask = os.umask(007)
         try:
             fp = open(os.path.join(mm_cfg.DATA_DIR, filename), 'w')
             try:

=== modified file 'Mailman/Logging/Logger.py'
--- Mailman/Logging/Logger.py	2005-12-30 18:50:08 +0000
+++ Mailman/Logging/Logger.py	2014-06-06 20:27:44 +0000
@@ -60,7 +60,7 @@
             return self.__fp
         else:
             try:
-                ou = os.umask(002)
+                ou = os.umask(007)
                 try:
                     try:
                         f = codecs.open(

=== modified file 'NEWS'
--- NEWS	2014-05-29 15:38:47 +0000
+++ NEWS	2014-06-06 20:27:44 +0000
@@ -7,11 +7,20 @@
 
 2.1.19 (xx-xxx-xxxx)
 
+  Changed behavior
+
+    - Mailman's log files, request.pck files and heldmsg-* files are no
+      longer created world readable to protect against access by untrusted
+      local users.  Note that permissions on existing log files won't be
+      changed so if you are concerned about this and don't rotate logs or
+      have a logrotate process that creates new log files instead of letting
+      Mailman create them, you will need to address that.  (LP: #1327404)
+
+  Bug fixes and other patches
+
     - If checking DNS for dmarc_moderation_action and DNS lookup is not
       available, log it.  (LP: #1324541)
  
-  Bug fixes and other patches
-
     - Handle missing From: header addresses for DMARC mitigation actions.
       (LP: #1318025)

_______________________________________________
Mailman-checkins mailing list
[email protected]
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-checkins/archive%40jab.org

[Mailman-checkins] [Branch ~mailman-coders/mailman/2.1] Rev 1489: Mailman's log files, request.pck files and heldmsg-* files are no

Reply via email to