public inbox for gentoo-dev@lists.gentoo.org
* Re: [gentoo-dev] net-mail/mailman-2.1.9-r2: Request for testing
From: Wolfram Schlich @ 2007-11-27  1:46 UTC
  To: gentoo-dev

* Wolfram Schlich <wschlich@gentoo.org> [2007-11-27 02:31]:
> * Wolfram Schlich <wschlich@gentoo.org> [2007-11-27 02:24]:
> > * Hanno Böck <hanno@gentoo.org> [2007-11-26 15:39]:
> > > [...]
> > > So I'd like to unmask it soon. Please, if you're using mailman test it, tell 
> > > me if it suits your needs or just give me feedback like "worksforme", I 
> > > actually don't have a clue how many people really use this ebuild.
> > 
> > I get this using hardened-sources with activated grsecurity
> > trusted path execution feature:
> > 
> > 2007-11-27 02:15:47 +01:00; alpha; kern.alert; kernel: grsec: From 127.0.0.6: \
> > 	denied untrusted exec of /usr/lib/mailman/bin/mmsitepass by \
> > 	/bin/bash[bash:14178] uid/euid:280/280 gid/egid:280/280, \
> > 	parent /bin/bash[bash:14173] uid/euid:280/280 gid/egid:280/280
> > 
> > That's because /usr/lib/mailman/bin/ is group-writable.
> 
> Ok, that's not true :]
> 
> Using this configuration...
> --8<--
> CONFIG_GRKERNSEC_TPE=y
> # CONFIG_GRKERNSEC_TPE_ALL is not set
> CONFIG_GRKERNSEC_TPE_INVERT=y
> CONFIG_GRKERNSEC_TPE_GID=1005
> --8<--
> ...I have to add 'mailman' to group 1005.

Ok, it gets worse: for the mailman web interface, I'd have to add
'apache' to group 1005 as well, opening up even bigger holes.
No way! So, emerge -C mailman, that is :(
Too bad.
-- 
Regards,
Wolfram Schlich <wschlich@gentoo.org>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
--
gentoo-dev@gentoo.org mailing list
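
An added example, not part of the original message or of grsecurity: a small Python parser for the "denied untrusted exec" alert format quoted above, which groups denials by effective uid so you can see which accounts a TPE policy is blocking before deciding whether any of them belongs in the trusted group. The function names are hypothetical, and the second sample record (placeholder paths, uid 81) is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the first record is the alert quoted in the message, with
# its "\" line continuations kept; the second is invented (placeholder paths).
SAMPLE_LOG = """\
2007-11-27 02:15:47 +01:00; alpha; kern.alert; kernel: grsec: From 127.0.0.6: \\
\tdenied untrusted exec of /usr/lib/mailman/bin/mmsitepass by \\
\t/bin/bash[bash:14178] uid/euid:280/280 gid/egid:280/280, \\
\tparent /bin/bash[bash:14173] uid/euid:280/280 gid/egid:280/280
2007-11-27 02:20:01 +01:00; alpha; kern.alert; kernel: grsec: \\
\tdenied untrusted exec of /path/to/example-cgi by \\
\t/path/to/example-httpd[httpd:2001] uid/euid:81/81 gid/egid:81/81, \\
\tparent /path/to/example-httpd[httpd:1999] uid/euid:0/0 gid/egid:0/0
"""

def _proc(p):
    # One "exe[comm:pid] uid/euid:U/E gid/egid:G/E" block; p prefixes group names.
    return (rf"(?P<{p}exe>\S+)\[(?P<{p}comm>[^:\]]+):(?P<{p}pid>\d+)\] "
            rf"uid/euid:(?P<{p}uid>\d+)/(?P<{p}euid>\d+) "
            rf"gid/egid:(?P<{p}gid>\d+)/(?P<{p}egid>\d+)")

DENIED = re.compile(r"grsec: (?:From (?P<source>\S+): )?"
                    r"denied untrusted exec of (?P<path>\S+) by "
                    + _proc("") + r", parent " + _proc("p"))

def parse_denials(text):
    """Return one dict per TPE denial; backslash-wrapped records are rejoined."""
    joined = re.sub(r"\s*\\\n\s*", " ", text)
    return [m.groupdict() for m in map(DENIED.search, joined.splitlines()) if m]

def denied_paths_by_euid(denials):
    """Map each effective uid that hit TPE to the sorted paths it was denied."""
    seen = defaultdict(set)
    for d in denials:
        seen[int(d["euid"])].add(d["path"])
    return {uid: sorted(paths) for uid, paths in seen.items()}

if __name__ == "__main__":
    for uid, paths in denied_paths_by_euid(parse_denials(SAMPLE_LOG)).items():
        print(f"euid {uid}: {', '.join(paths)}")
```

Each euid in the output is an account that would need membership in the `CONFIG_GRKERNSEC_TPE_GID` group under `CONFIG_GRKERNSEC_TPE_INVERT=y` for that exec to succeed, which is the trade-off the message weighs.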