*** This bug is a security vulnerability *** Private security bug reported:
When running check_perms, the script fixes the GID for everything, however it does not fix the UID, which could allow users to still have access to those files. Granted, it is a remote possibility, however I feel it is significant enough to be fixed. I have included a patch in this report that will fix it as well (as I cannot get Bazaar to play nice with me). If you have any questions please feel free to ask them, I can be contacted here, or at [email protected] as well. Cheers, Joshua Brandt cPanel Quality Assurance Analyst ** Affects: mailman Importance: Undecided Status: New ** Patch added: "This is a patch that will fix the script, since I can't seem to get Bazaar to play nice and get a good branch for me" https://bugs.launchpad.net/bugs/1269959/+attachment/3950418/+files/check_perms.patch -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1269959 Title: check_perms does not change UID To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1269959/+subscriptions _______________________________________________ Mailman-coders mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-coders
