aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMark Sapiro <mark@msapiro.net>2017-06-06 14:44:09 -0700
committerMark Sapiro <mark@msapiro.net>2017-06-06 14:44:09 -0700
commitb10ddd1173595992cd02748d8fcc633199b1b873 (patch)
tree41a6eaa6e2af5f2dd54bbf70984a931746cb91d1
parent4d3f440efd8b01cd16cb0d0644cac5fce3609b46 (diff)
downloadmailman2-b10ddd1173595992cd02748d8fcc633199b1b873.tar.gz
mailman2-b10ddd1173595992cd02748d8fcc633199b1b873.tar.xz
mailman2-b10ddd1173595992cd02748d8fcc633199b1b873.zip
Ensure aliases.db and virtual-mailman.db are world readable and owned
by the Mailman user.
Diffstat (limited to '')
-rw-r--r--Mailman/MTA/Postfix.py28
-rw-r--r--NEWS4
2 files changed, 29 insertions, 3 deletions
diff --git a/Mailman/MTA/Postfix.py b/Mailman/MTA/Postfix.py
index aed36bc4..b829ad6e 100644
--- a/Mailman/MTA/Postfix.py
+++ b/Mailman/MTA/Postfix.py
@@ -35,6 +35,9 @@ from Mailman.Logging.Syslog import syslog
LOCKFILE = os.path.join(mm_cfg.LOCK_DIR, 'creator')
ALIASFILE = os.path.join(mm_cfg.DATA_DIR, 'aliases')
VIRTFILE = os.path.join(mm_cfg.DATA_DIR, 'virtual-mailman')
+# Desired mode for aliases(.db) and virtual-mailman(.db) for both creation
+# and check_perms.
+targetmode = S_IFREG | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH
try:
True, False
@@ -45,6 +48,22 @@ except NameError:
def _update_maps():
+ # Helper function to fix owner and mode.
+ def fixom(file):
+ # It's not necessary for the non-db file to be S_IROTH, but for
+ # simplicity and compatibility with check_perms, we set it.
+ stat = os.stat(file)
+ if (stat[ST_MODE] & targetmode) <> targetmode:
+ os.chmod(file, stat[ST_MODE] | targetmode)
+ dbfile = file + '.db'
+ stat = os.stat(dbfile)
+ if (stat[ST_MODE] & targetmode) <> targetmode:
+ os.chmod(dbfile, stat[ST_MODE] | targetmode)
+ user = mm_cfg.MAILMAN_USER
+ if stat[ST_UID] != pwd.getpwnam(user)[2]:
+ uid = pwd.getpwnam(user)[2]
+ gid = grp.getgrnam(mm_cfg.MAILMAN_GROUP)[2]
+ os.chown(dbfile, uid, gid)
msg = 'command failed: %s (status: %s, %s)'
acmd = mm_cfg.POSTFIX_ALIAS_CMD + ' ' + ALIASFILE
status = (os.system(acmd) >> 8) & 0xff
@@ -52,6 +71,8 @@ def _update_maps():
errstr = os.strerror(status)
syslog('error', msg, acmd, status, errstr)
raise RuntimeError, msg % (acmd, status, errstr)
+ # Fix owner and mode of .db if needed.
+ fixom(ALIASFILE)
if os.path.exists(VIRTFILE):
vcmd = mm_cfg.POSTFIX_MAP_CMD + ' ' + VIRTFILE
status = (os.system(vcmd) >> 8) & 0xff
@@ -59,6 +80,8 @@ def _update_maps():
errstr = os.strerror(status)
syslog('error', msg, vcmd, status, errstr)
raise RuntimeError, msg % (vcmd, status, errstr)
+ # Fix owner and mode of .db if needed.
+ fixom(VIRTFILE)
@@ -387,7 +410,6 @@ def remove(mlist, cgi=False):
def checkperms(state):
- targetmode = S_IFREG | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP
for file in ALIASFILE, VIRTFILE:
if state.VERBOSE:
print C_('checking permissions on %(file)s')
@@ -400,7 +422,7 @@ def checkperms(state):
if stat and (stat[ST_MODE] & targetmode) <> targetmode:
state.ERRORS += 1
octmode = oct(stat[ST_MODE])
- print C_('%(file)s permissions must be 066x (got %(octmode)s)'),
+ print C_('%(file)s permissions must be 0664 (got %(octmode)s)'),
if state.FIX:
print C_('(fixing)')
os.chmod(file, stat[ST_MODE] | targetmode)
@@ -439,7 +461,7 @@ def checkperms(state):
if stat and (stat[ST_MODE] & targetmode) <> targetmode:
state.ERRORS += 1
octmode = oct(stat[ST_MODE])
- print C_('%(dbfile)s permissions must be 066x (got %(octmode)s)'),
+ print C_('%(dbfile)s permissions must be 0664 (got %(octmode)s)'),
if state.FIX:
print C_('(fixing)')
os.chmod(dbfile, stat[ST_MODE] | targetmode)
diff --git a/NEWS b/NEWS
index 9b6d4753..ee6e8449 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,10 @@ Here is a history of user visible changes to Mailman.
Bug fixes and other patches
+ - Fixed MTA/Postfix.py to ensure that created aliases(.db) and
+ virtual-mailman(.db) files are readable by Postfix and the .db files are
+ owned by the Mailman user. (LP: #1696066)
+
- Defended against certain web attacks that cause exceptions and "we hit
a bug" responses when POST data or query fragments contain multiple
values for the same parameter. (LP: #1695667)