blob: 6d1d0389e65f9995b01e2aeb3881c21fe8a1010c (
plain) (
tree)
|
|
The check_perms_grsecurity.py script, if copied in your installed
~mailman/bin/ directory and run from there will modify permissions of
files so that Mailman with extra restrictions imposed by linux kernel security
patches like securelinux/openwall in 2.2.x or grsecurity in 2.4.x
The way it works is that it makes sure that the UID of any script that
touches config.pck is `mailman'. What this means however is that
scripts in ~mailman/bin will now only work if run as user mailman or
root (the script then changes its UID and GID to mailman).
To make grsecurity happy, we remove the group writeable bit on a directories
that contain binaries.
Enjoy
Marc MERLIN <marc_soft@merlins.org>/<marc_bts@vasoftware.com> - 2001/12/10
|