Re: [Mailman-Users] Testing STEALTH_MODE = 1
Thanks, that was exactly what I needed! The version of Mailman is a bit later than 2.1.6, but it's still pretty old. Have to be a bit cagey as it's not my install. I suspect that whoever turned off stealth mode to test and then never turned it back on again. Out of interested, is there an ETA on a production release of Mailman 3.x ? Thanks again! Tom -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Testing STEALTH_MODE = 1
On Jan 11, 2013, at 01:14 PM, Tom Skelley wrote: Out of interested, is there an ETA on a production release of Mailman 3.x ? At this point, we're mostly trying to get the web ui (Postorius) feature compatible with Mailman 2.1. We're also working on the new archiver (Hyperkitty). I think the core engine is pretty stable and would invite interested users to give it a go, but understand that it has to be managed from the command line for now. We will be sprinting on these components again at Pycon 2013. Cheers, -Barry -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Testing STEALTH_MODE = 1
Hi All, A bit of an odd question this one. I'm new to Mailman, and one of my customers has just had an external audit. As part of the audit an advisory was given that too much information was given when an Apache query was executed. This turns out to be from the /mailman/create script. I've found that setting STEALTH_MODE = 1 in mailman/scripts/driver should fix the problem, but I need to test it. Is there a way to force an error through the web interface? I've tried changing file permissions on the python binary, changing file permissions on the .py and .pyc scripts, trying to import non-existant modules etc, but I can't manage to get it to dump a stack trace. Any help greatfully received. Tom -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Testing STEALTH_MODE = 1
Tom Skelley wrote: I've found that setting STEALTH_MODE = 1 in mailman/scripts/driver should fix the problem, but I need to test it. Is there a way to force an error through the web interface? What Mailman version are you running? STEALTH_MODE has been set to 1 by default in scripts/driver since Mailman 2.1.6. If you are still running 2.1.5 or earlier and are concerned about security issues, see http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS. I've tried changing file permissions on the python binary, changing file permissions on the .py and .pyc scripts, trying to import non-existant modules etc, but I can't manage to get it to dump a stack trace. Edit the file Mailman/Cgi/rmlist.py Insert the line raise Exception immediately preceding the line def main(): and go to a URL like http://example.com/mailman/rmlist. After you're finished testing, remove the added line. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org