On 16 Nov 2020, at 2:17, Stephen J. Turnbull wrote:
Bill Cole writes:
On 15 Nov 2020, at 22:18, Stephen J. Turnbull wrote:
I don't see why access to archives would cause a security issue,
Thanks for the reply!
Also FWIW, I'm explaining here why I don't think this is a Mailman
issue. If there is a vulnerability in our distribution, and the
SELinux policy is pointing it out, we (I think I speak for all the
core devs here ;-) want to fix it.
Right. I agree that it is not a problem with anything Mailman is doing
that is in any way dangerous or even that it is something that the base
distribution should attempt to deal with.
FWIW:
1. SELinux doesn't know about specific security issues, it assumes that
nothing is safe unless explicitly allowed.
Yes, I was already aware that that is the "theoretically correct"
policy, and had guessed that SELinux follows it.
2. On RHEL7 and its derivatives, the default SELinux policy includes a
module for mailman's executable and data files which *in my experience*
just works without modification when mailman is installed from an
official RPM.
Aha. Now *that* is *very* useful information! So I assume that would
also apply to sufficiently recent CentOS, and most likely to Fedora.
Yes.
And it's something to look up on Debian and Ubuntu.
It seems that https://github.com/SELinuxProject/refpolicy is the
upstream basis for the EL-family default policy and it appears to have
build switches for other lineages. I believe that the EL family is the
only one that has SELinux enabled and enforcing by default.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org