severity 450927 normal
tags 450927 pending
thanks

Hi Alexander,

> By default mailman creates /var/log/mailman readable by everyone. But
> some private information (at least subscribers list) may go there. So it
> should be created with rwxrws--- permissions. It's not very critical, but
> I think should be fixed even in etch (maybe not now, but with other
> issues if there will be any).

Thank you for the report. I agree that it would better not be publicly readable. However, I think the impact is quite low. There are no complete subscriber lists, just the most recent subscriptions to lists; and the eavesdropper needs to be a local user. Local users can already often deduce information about who receives mail to a list, e.g. by using mailq.

But indeed, I've fixed it for the next package release. I will not update sarge/etch however.

thanks,
Thijs

