[Pkg-mailman-hackers] Bug#450927: /var/log/mailman is drwxrwsr-x should be drwxrws---
Alexander Gerasiov
gq at cs.msu.su
Mon Nov 12 11:06:44 UTC 2007
Package: mailman
Version: 1:2.1.9-7
Severity: serious
Tags: security
By default mailman creates /var/log/mailman readable by everyone. But
some private information (at least the subscribers list) may go there. So it
should be created with rwxrws--- permissions. It's not very critical, but
I think it should be fixed even in etch (maybe not now, but with other
issues if there are any).
Regards.
-- System Information:
Debian Release: 4.0
APT prefers proposed-updates
APT policy: (670, 'proposed-updates'), (670, 'stable'), (650, 'testing-proposed-updates'), (650, 'testing'), (600, 'unstable'), (550, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.18-5-vserver-686
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)
Versions of packages mailman depends on:
ii adduser 3.102 Add and remove users and groups
ii apache2-mpm-prefork [h 2.2.3-4+etch3 Traditional model for Apache HTTPD
ii cron 3.0pl1-100 management of regular background p
ii debconf [debconf-2.0] 1.5.11etch1 Debian configuration management sy
ii libc6 2.3.6.ds1-13etch4 GNU C Library: Shared libraries
ii logrotate 3.7.1-3 Log rotation utility
ii lsb-base 3.1-23.2etch1 Linux Standard Base 3.1 init scrip
ii postfix [mail-transpor 2.3.8-2+b1 A high-performance mail transport
ii pwgen 2.05-1 Automatic Password generation
ii python 2.4.4-2 An interactive high-level object-o
ii python-support 0.5.6 automated rebuilding support for p
ii ucf 2.0020 Update Configuration File: preserv
mailman recommends no packages.
-- debconf information:
mailman/update_passwords:
* mailman/site_languages: en, ru
* mailman/used_languages: en ru
* mailman/create_site_list:
* mailman/queue_files_present:
* mailman/default_server_language: ru
* mailman/gate_news: false
mailman/update_aliases:
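
The check the report implies, as an added example that is not part of the bug report or the Debian package: a POSIX shell function that reports whether users outside the owning group can list, enter, or read files under a log directory. The function names and the path passed in are assumptions.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical.

# has_mode PATH MODE: true if PATH itself has all permission bits of MODE set.
has_mode() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# audit_log_dir DIR: print findings; return 0 when "other" has no access,
# 1 when the directory is exposed, 2 when DIR is not a directory.
audit_log_dir() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory" >&2
        return 2
    fi
    if has_mode "$dir" 0004; then
        echo "LISTABLE: others can list file names in $dir"
        rc=1
    fi
    if has_mode "$dir" 0001; then
        echo "TRAVERSABLE: others can enter $dir"
        rc=1
        # Files are reachable by others only when the directory is searchable,
        # so per-file modes are checked only in this branch.
        find "$dir" -type f -perm -0004 -print | while IFS= read -r f; do
            echo "READABLE: $f"
        done
    fi
    if has_mode "$dir" 0002; then
        echo "WRITABLE: others can create or remove entries in $dir"
        rc=1
    fi
    if ! has_mode "$dir" 2000; then
        # Informational only: without setgid, new logs keep the creator's group.
        echo "NOTE: setgid bit missing on $dir"
    fi
    return $rc
}
```

Called as `audit_log_dir /var/log/mailman`, it returns 1 for the drwxrwsr-x mode in the report title and 0 for drwxrws---, even if individual log files inside remain mode 664.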