
Mailman, hard links and the Openwall



Hi *,

  Some of you probably know the Solar Designer's OpenWall security patches
to the Linux kernel. One of the features of these patches is the ability to
prevent users from creating symlinks and hardlinks in /tmp to files they
don't own. Some time ago my Mailman stopped working and I didn't associate
the security warning messages popping up on a screen with the Solar
Designer's patch which I have just applied to the 2.2.13 kernel. Recently,
however, I decided to look at what might be the problem causing Mailman to
fail. It turns out that Mailman uses hard links in /tmp to files in the
/var/lib/mailman/lists/listname/* files and also to lock some other files.
The problem is that those files are owned by root.list with mode 664
(mostly) and the httpd daemon (Roxen in my case) runs the Mailman scripts as
nobody or list. The Solar Designer's code refuses to create sym- and
hardlinks to those files and Python raises an exception causing Mailman to
abort. Now, I see no reason for the files to be owned by root.list - after
making the httpd execute Mailman scripts with UID 38 (list) and changing the
ownership of the entire Mailman directory tree to list.list everything
started to work smoothly again. Therefore, I think the postinst Mailman
script should change the ownership of the files to list.list.
  
thanks,

marek
