Update of /cvsroot/mailman/mailman/Mailman
In directory sc8-pr-cvs1:/tmp/cvs-serv3659
Modified Files:
MailList.py
Log Message:
MailList.__init__(): When trying to execfile extend.py, we ignore
ENOENT but log all other IOErrors instead of propagating them up.
Closes a tiny exploit found by Ned Dawes.
Backport candidate.
Index: MailList.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/MailList.py,v
retrieving revision 2.108
retrieving revision 2.109
diff -u -d -r2.108 -r2.109
--- MailList.py 6 Jun 2003 18:24:28 -0000 2.108
+++ MailList.py 28 Sep 2003 15:59:32 -0000 2.109
@@ -112,7 +112,11 @@
try:
execfile(filename, dict)
except IOError, e:
- if e.errno <> errno.ENOENT: raise
+ # Ignore missing files, but log other errors
+ if e.errno == errno.ENOENT:
+ pass
+ else:
+ syslog('error', 'IOError reading list extension: %s', e)
else:
func = dict.get('extend')
if func:
_______________________________________________
Mailman-checkins mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-checkins
