2 files changed, 10 insertions, 0 deletions

diff --git a/src/common.c b/src/common.c
index 2138c3ba3..d2fe01ee9 100644
--- a/src/common.c
+++ b/src/common.c
@@ -134,6 +134,12 @@ check_caller(const char* ident, GID_T parentgid)
 /* list of environment variables which are removed from the given
  * environment.  Some may or may not be hand crafted and passed into
  * the execv'd environment.
+ *
+ * TBD: The logic of this should be inverted.  IOW, we should audit the
+ * Mailman CGI code for those environment variables that are used, and
+ * specifically white list them, removing all other variables.  John Viega
+ * also suggests imposing a maximum size just in case Python doesn't handle
+ * them right (which it should because Python strings have no hard limits).
  */
 static char* killenvars[] = {
 	"PYTHONPATH=",
@@ -149,6 +155,8 @@ static char* killenvars[] = {
  * args[0] should be the abs path to the Python script to execute
  * argv[1:] are other args for the script
  * env may or may not contain PYTHONPATH, we'll substitute our own
+ *
+ * TBD: third argument env may not be universally portable
  */
 int
 run_script(const char* script, int argc, char** argv, char** env)
diff --git a/src/vsnprintf.c b/src/vsnprintf.c
index 0121c74c9..637ccc38c 100644
--- a/src/vsnprintf.c
+++ b/src/vsnprintf.c
@@ -35,6 +35,8 @@
  *
  * RMS says it's okay to include this code in Mailman but it should be kept
  * in a separate file.
+ *
+ * TBD: This file needs a security audit.
  */
 
 #ifndef HAVE_VSNPRINTF