Mailman / Patches / #367 setregid() to prevent group mismatch error with any MTA

#367 setregid() to prevent group mismatch error with any MTA

Status: closed-invalid

Owner: Tokio Kikuchi

Labels: None

Priority: 5

Updated: 2005-04-17

Created: 2005-04-17

Creator: svrmarty

Private: No

mailman should run with its own gid apart from the
MTA. The mail wrapper is setgid to mailmain to allow
this:
rwxr-sr-x 1 mailman mailman 7856 Mar 21
03:13 /usr/local/mailman/mail/mailman

However, the gid check in the wrapper checks the real
gid (the gid of the MTA) instead of the effective gid
(mailman). One fix is to have the wrapper set its real gid
to the effective gid as done by the attached mailman-
2.1.5-setregid.patch. This patch has been verified to
work with postfix and should work with all other MTAs.

Discussion

Tokio Kikuchi - 2005-04-17

Logged In: YES
user_id=67709

Patch is not uploaded but the discussion above is invalid.
The script wrapper checks gid to confirm that it is invoked
by a proper user. Or, anyone on the system can maliciously
invoke the script to forge a post or something like that.
Remember that if you are to check the egid, you do not have
to check anything at all because the wrapper is already set
sgid flag.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Tokio Kikuchi - 2005-04-17

assigned_to: nobody --> tkikuchi

status: open --> closed-invalid
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

setregid() to prevent group mismatch error with any MTA

Group

Searches

Help

#367 setregid() to prevent group mismatch error with any MTA

Discussion