[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: what's up with security?

** On May 25, Joey Hess scribbled:

> - Mailman 2.0beta1 has some sort of "Security patch when using
>   external archivers". Information on this one is scarce.
Also mailman has a problem with symlinks when running on a kernel with the
Solar Designer's openwall security patch. Namely, mailman creates temporary
files when moving them around using hardlinks. In general, it does the
hardlinks in the same directory where the file sits and if the directory
has the t bit set, openwall patch forbids mailman to create the hardlink.
Same goes when /tmp is used for hardlinking. It's a totally flawed way of
moving files around, but inspite a discussion on that topic somewhere last
year, nobody changed it - for me, personally, mailman became unusable.


Attachment: pgpU2ZfxaSe5x.pgp
Description: PGP signature

Reply to: