** On May 25, Gergely Madarasz scribbled: > On Thu, 25 May 2000, Marek Habersack wrote: > > > Also mailman has a problem with symlinks when running on a kernel with the > > Solar Designer's openwall security patch. Namely, mailman creates temporary > > files when moving them around using hardlinks. In general, it does the > > hardlinks in the same directory where the file sits and if the directory > > has the t bit set, openwall patch forbids mailman to create the hardlink. > > Same goes when /tmp is used for hardlinking. It's a totally flawed way of > > moving files around, but inspite a discussion on that topic somewhere last > > year, nobody changed it - for me, personally, mailman became unusable. > > Wrong. Mailman never touches anything in +t directories. Openwall (and I don't know (or want to know) Python well enough to examine the Mailman sources carefully, what I know is that I get an error message on console every time anyone posts anything that gets processed by Mailman and the _only_ +t directories Mailman has access to are /tmp, /var/tmp... > Solar Designer's patch) restricts hardlinks in any directory, so one From the OW README: Restricted links in /tmp -------------------------- I've also added a link-in-+t restriction, originally for Linux 2.0 only, ^^^^^^^^^^^ by Andrew Tridgell. I've updated it to prevent from using a hard link in an attack instead, by not allowing regular users to create hard links to files they don't own. This is usually the desired behavior anyway, since ^^^^^^^^^ otherwise users couldn't remove such links they've just created in a +t directory, and because of disk quotas. > can't _HARD_link to an already existing file if it's owned by someone that's what I said, hardlink. > else even if one has write access to it. This is a flaw in mailmans > design, it uses group permissions to handle stuff (and uses the web user, > mail user, and the local mailman/list user for different tasks). Exactly. That was the reason Mailman stopped working for me and I had to ditch it, although I wasn't happy about that. And a flaw in design is a bug no matter from what direction one looks at it. marek
Attachment:
pgpDzYcArwBzu.pgp
Description: PGP signature