diff options
| -rw-r--r-- | README.LINUX | 7 | ||||
| -rw-r--r-- | contrib/securelinux_fix.py | 14 |
2 files changed, 12 insertions, 9 deletions
diff --git a/README.LINUX b/README.LINUX index 0d2e2f3d7..d2d5d9b45 100644 --- a/README.LINUX +++ b/README.LINUX @@ -1,5 +1,5 @@ Mailman - The GNU Mailing List Management System -Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. +Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA GNU/LINUX ISSUES @@ -15,6 +15,11 @@ can cause "Operation not permitted" errors in MailList.Save() -- you will see a traceback. You must turn restricted hardlinks off. This is also known under the name of Openwall Security Patches. +There is a workaround for this problem, you can use securelinux_fix.py +in the contrib directory (see the README.securelinux_fix.py). Note +that the script will not work until you move it in your installed +Mailman tree in the bin directory. + Local Variables: diff --git a/contrib/securelinux_fix.py b/contrib/securelinux_fix.py index 784bbc6d8..21b82140e 100644 --- a/contrib/securelinux_fix.py +++ b/contrib/securelinux_fix.py @@ -1,6 +1,6 @@ #! /usr/bin/env python # -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -25,12 +25,12 @@ the programs in the bin tree (the ones that lock config.db files) are SUID Mailman. The idea is that config.db files have to be owned by the mailman UID and only touched by programs that are UID mailman. -If you have to run check_perms -f, make sure to also run %(PROGRAM) -f, which -applies the necessary permission fixes +If you have to run check_perms -f, make sure to also run securelinux_fix.py +-f, which applies the necessary permission fixes. -As a result, to prevent anyone from running priviledged Mailman commands -\(since the scripts are suid), binary commands that are changed to be SUID are -also unreadable and unrunable by people who aren't in the mailman group. This +As a result, to prevent anyone from running privileged Mailman commands (since +the scripts are suid), binary commands that are changed to be SUID are also +unreadable and unrunnable by people who aren't in the mailman group. This shouldn't affect much since most of those commands would fail work if you weren't part of the mailman group anyway. @@ -46,8 +46,6 @@ from Mailman import mm_cfg from Mailman.mm_cfg import MAILMAN_UID, MAILMAN_GID from stat import * -PROGRAM = sys.argv[0] - # Those are the programs that we patch so that they insist being run under the # mailman uid or as root. binfilestopatch= ( 'add_members', 'check_db', 'clone_member', |