public inbox for gentoo-dev@lists.gentoo.org
From: Wolfram Schlich <wschlich@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] net-mail/mailman-2.1.9-r2: Request for testing
Date: Tue, 27 Nov 2007 02:27:04 +0100
Message-ID: <20071127012704.GA16769@bla.fasel.org>
In-Reply-To: <20071127011828.GH8405@bla.fasel.org>

* Wolfram Schlich <wschlich@gentoo.org> [2007-11-27 02:24]:
> * Hanno Böck <hanno@gentoo.org> [2007-11-26 15:39]:
> > [...]
> > So I'd like to unmask it soon. Please, if you're using mailman test it, tell 
> > me if it suits your needs or just give me feedback like "worksforme", I 
> > actually don't have a clue how many people really use this ebuild.
> 
> I get this using hardened-sources with activated grsecurity
> trusted path execution feature:
> 
> 2007-11-27 02:15:47 +01:00; alpha; kern.alert; kernel: grsec: From 127.0.0.6: \
> 	denied untrusted exec of /usr/lib/mailman/bin/mmsitepass by \
> 	/bin/bash[bash:14178] uid/euid:280/280 gid/egid:280/280, \
> 	parent /bin/bash[bash:14173] uid/euid:280/280 gid/egid:280/280
> 
> That's because /usr/lib/mailman/bin/ is group-writable.

Ok, that's not true :]

Using this configuration...
--8<--
CONFIG_GRKERNSEC_TPE=y
# CONFIG_GRKERNSEC_TPE_ALL is not set
CONFIG_GRKERNSEC_TPE_INVERT=y
CONFIG_GRKERNSEC_TPE_GID=1005
--8<--
...I have to add 'mailman' to group 1005.
-- 
Regards,
Wolfram Schlich <wschlich@gentoo.org>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
--
gentoo-dev@gentoo.org mailing list
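
An added example, not part of the original mail: a simplified shell model of the TPE decision for the configuration quoted above, assuming grsecurity's documented rule that untrusted non-root users may only execute files whose parent directory is root-owned and not writable by group or others. The function names are hypothetical and the directory modes used with them are constructed values.

```shell
#!/bin/sh
# Added example: simplified model of grsecurity's TPE decision, not kernel code.
TPE_GID=1005     # CONFIG_GRKERNSEC_TPE_GID from the mail
TPE_INVERT=1     # CONFIG_GRKERNSEC_TPE_INVERT=y: members of TPE_GID are trusted

# tpe_untrusted UID "GID GID ...": succeeds if TPE restrictions apply to the user
tpe_untrusted() {
    [ "$1" -eq 0 ] && return 1                 # root is never restricted
    case " $2 " in
        *" $TPE_GID "*) _member=1 ;;
        *)              _member=0 ;;
    esac
    if [ "$TPE_INVERT" -eq 1 ]; then
        [ "$_member" -eq 0 ]                   # inverted: non-members are untrusted
    else
        [ "$_member" -eq 1 ]                   # classic: members are untrusted
    fi
}

# tpe_dir_trusted OWNER_UID OCTAL_MODE: succeeds if the directory is
# root-owned and writable by neither group nor others
tpe_dir_trusted() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# tpe_verdict UID GIDS DIR_OWNER_UID DIR_MODE: prints "allow" or "deny"
tpe_verdict() {
    if tpe_untrusted "$1" "$2" && ! tpe_dir_trusted "$3" "$4"; then
        echo deny
    else
        echo allow
    fi
}

# tpe_check USER FILE: same verdict from live data (GNU stat assumed)
tpe_check() {
    # stat output is split on purpose into owner uid and mode
    tpe_verdict "$(id -u "$1")" "$(id -G "$1")" \
        $(stat -c '%u %a' -- "$(dirname -- "$2")")
}
```

With uid 280 from the log line and a constructed directory mode of 2775, `tpe_verdict 280 "280" 0 2775` prints `deny`, while `tpe_verdict 280 "280 1005" 0 2775` prints `allow`.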


