
Re: Mailman, hard links and the Openwall



On Mon, 29 Nov 1999, Marek Habersack wrote:

> * Gergely Madarasz said:
> 
> > > it makes hard links in /tmp?  this seems like bad design in general 
> > > as many people have /var and / (and/or /tmp) on separate partitions 
> > > in which case hard links won't work anyway, patch or not.
> > 
> > No, it doesn't make hard links in /tmp. It makes hard links within
> It doesn't make cross fs links, true.
> 
> > /var/lib/mailman/lists, sometimes as a different user as the file was
> > originally created with (mail, www-data and list are the possibilities).
> The /var/lib/mailman/lists catalog is SGID 'list' but files are owned by
> root.lists (why?) - I see no reason for Mailman to run as root (!!), it's
> more reasonable to run it as lists and make the entire tree owned by this
> user. That's how I changed my setup - Mailman always runs as list and the
> tree belongs to list.

Currently mailman runs as gid list, with the uid of the webserver or the
uid of the mailserver. The files get owned by root if you create the list
as root. It just sets the gid.

> > I haven't read the original problem so I don't know what is exactly the
> > case, but for example solar designers secure linux patch prevents
> > hardlinks like this, so it can't be used with mailman :/
> Exactly what the original problem was about. I'm using the Solar Designer's
> patch and Mailman works provided I make the changes described above. I think
> they should be the default for each and every package that uses hardlinks
> for any reason.

Yeah, if /var/lib/mailman/* is all list user and the wrappers are not just
setgid wrappers, but setuid wrappers too, then this should work.

-- 
Madarasz Gergely           gorgo@caesar.elte.hu         gorgo@linux.rulez.org
      It's practically impossible to look at a penguin and feel angry.
          Egy pingvinre gyakorlatilag lehetetlen haragosan nezni.
                    HuLUG: http://mlf.linux.rulez.org/
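
An added example, not part of the original message or of Mailman: a Python audit that lists the regular files under a list tree that a given uid does not own, which are the files that uid could not hard-link if the kernel permits links only to files the caller owns. The owner-only rule, the function names and the sample file names are assumptions made for illustration; the default path is the one named in the thread.

```python
import os
import stat
import sys
import tempfile


def not_owned_by(root, uid):
    """Regular files under root whose owner is not `uid`.

    Assumption: the kernel refuses link() unless the caller owns the
    target, so each file returned is one `uid` could not hard-link.
    """
    blocked = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if stat.S_ISREG(st.st_mode) and st.st_uid != uid:
                blocked.append((path, st.st_uid, stat.filemode(st.st_mode)))
    return sorted(blocked)


def demo():
    """Constructed sample tree: two list files created by the current user."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "testlist"))
        for name in ("config.db", "config.db.last"):
            with open(os.path.join(root, "testlist", name), "w") as fh:
                fh.write("constructed sample\n")
        as_owner = not_owned_by(root, me)      # same uid created the files
        as_other = not_owned_by(root, me + 1)  # stand-in for a second uid
    return len(as_owner), len(as_other)


if __name__ == "__main__":
    # Usage: script.py [tree] [uid]; both defaults are assumptions.
    tree = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/mailman/lists"
    uid = int(sys.argv[2]) if len(sys.argv) > 2 else os.getuid()
    for path, owner, mode in not_owned_by(tree, uid):
        print(f"{mode} uid={owner} {path}")
```

Run against the real tree once per uid that Mailman executes under; an empty result for every uid means no cross-owner link would be attempted.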

