authorMark Sapiro <mark@msapiro.net>2014-06-06 13:27:44 -0700
committerMark Sapiro <mark@msapiro.net>2014-06-06 13:27:44 -0700
commit4935b951b3e1a6aae107c7d04830c0ffc63aaf52 (patch)
treeb05fb27e4e9ecfd3b04eb6aed5fc5270d9329d32
parent1bbdb3ac38c2ee6f3704694c49069d7d4e383ae3 (diff)
Mailman's log files, request.pck files and heldmsg-* files are no
longer created world readable to protect against access by untrusted local users.
Diffstat (limited to '')
-rwxr-xr-xMailman/ListAdmin.py4
-rw-r--r--Mailman/Logging/Logger.py2
-rwxr-xr-xNEWS13
3 files changed, 14 insertions, 5 deletions
diff --git a/Mailman/ListAdmin.py b/Mailman/ListAdmin.py
index a4edfbba..877aa5c4 100755
--- a/Mailman/ListAdmin.py
+++ b/Mailman/ListAdmin.py
@@ -101,7 +101,7 @@ class ListAdmin:
# should we be as paranoid as for the config.pck file? Should we
# use pickle?
tmpfile = self.__filename + '.tmp'
- omask = os.umask(002)
+ omask = os.umask(007)
try:
fp = open(tmpfile, 'w')
try:
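Review bot: The stricter `os.umask(007)` only governs files that the following `open(tmpfile, 'w')` creates; if a stale `request.pck.tmp` from an interrupted save is already on disk, `'w'` truncates it but leaves its old world-readable mode in place, and that file is presumably renamed over `request.pck` later in the method, which starts and ends outside the hunk. Making the protection independent of what was left behind takes one line after the open, `os.chmod(tmpfile, 0660)`, or an `os.unlink(tmpfile)` guarded by `except OSError: pass` before it. The umask is also process-wide, so the restore that the `try:` suggests follows (not visible here) must run on every path, including a failed `open`.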
@@ -194,7 +194,7 @@ class ListAdmin:
else:
ext = 'txt'
filename = 'heldmsg-%s-%d.%s' % (self.internal_name(), id, ext)
- omask = os.umask(002)
+ omask = os.umask(007)
try:
fp = open(os.path.join(mm_cfg.DATA_DIR, filename), 'w')
try:
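Review bot: The new `os.umask(007)` carries no explanation of why group access is still allowed on a held message that the commit is deliberately hiding from local users, so a later reader may "tighten" it to 077 and break whatever runs under the shared group. A one-line why-comment above the umask call would prevent that, e.g. `# 007, not 077: the mail/CGI wrappers presumably reach these files via the mailman group; nobody else may read them (LP: #1327404)`. Whether group access is actually required here is not visible in the hunk and should be confirmed before the comment states it as fact. The enclosing method starts and ends outside the hunk.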
diff --git a/Mailman/Logging/Logger.py b/Mailman/Logging/Logger.py
index 617347d4..f3d30164 100644
--- a/Mailman/Logging/Logger.py
+++ b/Mailman/Logging/Logger.py
@@ -60,7 +60,7 @@ class Logger:
return self.__fp
else:
try:
- ou = os.umask(002)
+ ou = os.umask(007)
try:
try:
f = codecs.open(
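Review bot: The umask change protects only log files that this `codecs.open(` call creates; an existing world-readable log keeps its mode when reopened, and both the open mode and the `finally` that should restore the umask lie beyond the hunk's last line. Since the commit message documents that limitation for administrators, the code should say it too, e.g. `# 007: new log files must not be world readable (LP: #1327404); existing files keep their mode`. If the logger is ever expected to fix up existing files, an `os.chmod` of the path after a successful open would be the place, but that is a behaviour change beyond this commit.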
diff --git a/NEWS b/NEWS
index c7f562a5..bd554729 100755
--- a/NEWS
+++ b/NEWS
@@ -7,11 +7,20 @@ Here is a history of user visible changes to Mailman.
2.1.19 (xx-xxx-xxxx)
+ Changed behavior
+
+ - Mailman's log files, request.pck files and heldmsg-* files are no
+ longer created world readable to protect against access by untrusted
+ local users. Note that permissions on existing log files won't be
+ changed so if you are concerned about this and don't rotate logs or
+ have a logrotate process that creates new log files instead of letting
+ Mailman create them, you will need to address that. (LP: #1327404)
+
+ Bug fixes and other patches
+
- If checking DNS for dmarc_moderation_action and DNS lookup is not
available, log it. (LP: #1324541)
- Bug fixes and other patches
-
- Handle missing From: header addresses for DMARC mitigation actions.
(LP: #1318025)