diff options
| author | bwarsaw <> | 2003-09-28 16:03:34 +0000 |
|---|---|---|
| committer | bwarsaw <> | 2003-09-28 16:03:34 +0000 |
| commit | d666f545ea57d63e7fb68d3e5058182894a77f0c (patch) | |
| tree | 1fcf1c1232dc0ae69ab9dd72c731e6c16be30bbc | |
| parent | 3204bcfd6e091ab14b3ed89fc323fcc1b7f657a2 (diff) | |
| download | mailman2-d666f545ea57d63e7fb68d3e5058182894a77f0c.tar.gz mailman2-d666f545ea57d63e7fb68d3e5058182894a77f0c.tar.xz mailman2-d666f545ea57d63e7fb68d3e5058182894a77f0c.zip | |
MailList.__init__(): When trying to execfile extend.py, we ignore
ENOENT but log all other IOErrors instead of propagating them up.
Closes a tiny exploit found by Ned Dawes.
Backported from HEAD.
| -rw-r--r-- | Mailman/MailList.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/Mailman/MailList.py b/Mailman/MailList.py index 9979d221..ad3aa7e8 100644 --- a/Mailman/MailList.py +++ b/Mailman/MailList.py @@ -112,7 +112,11 @@ class MailList(HTMLFormatter, Deliverer, ListAdmin, try: execfile(filename, dict) except IOError, e: - if e.errno <> errno.ENOENT: raise + # Ignore missing files, but log other errors + if e.errno == errno.ENOENT: + pass + else: + syslog('error', 'IOError reading list extension: %s', e) else: func = dict.get('extend') if func: |