Bug 704699

Summary: possible security issue with mailman permissions
Product: Red Hat Enterprise Linux 6 Reporter: Florian La Roche <florian.laroche>
Component: mailmanAssignee: Jan Kaluža <jkaluza>
Status: CLOSED ERRATA QA Contact: qe-baseos-daemons
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0CC: azelinka, ovasik, pkovar
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: mailman-2.1.12-17.el6 Doc Type: Bug Fix
Doc Text:
Previously, a number of Python scripts and subdirectories in the /usr/lib/mailman/ directory were group writable. As a result, the respective files and subdirectories could have been changed not only by the owner, but also by other users in the same user group. This undesired behavior has been resolved in this update so that only the owner can now change the files and subdirectories.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-07 13:06:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Florian La Roche 2011-05-14 04:47:15 UTC 
Description of problem:

Maybe https://bugzilla.redhat.com/show_bug.cgi?id=701539 is a security
item you want to fix also for the RHEL product line.

best regards,

Florian La Roche


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 3 Jan Kaluža 2011-06-02 19:43:06 UTC 
*** Bug 700777 has been marked as a duplicate of this bug. ***
Comment 5 Petr Kovar 2011-06-28 13:31:57 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, a number of Python scripts and subdirectories in the /usr/lib/mailman/ directory were group writable. As a result, the respective files and subdirectories could have been changed not only by the owner, but also by other users in the same user group. This undesired behavior has been resolved in this update so that only the owner can now change the files and subdirectories.
Comment 8 errata-xmlrpc 2011-09-07 13:06:09 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1275.html