Terry, It should be quite possible to wrap the mailman cgi processes to its own UID on the web server. CGI scripts do not have to have the power and access of 'nobody' these days. Indeed, mailman is NOT designed to be a complete secure email system. Of this I am in total agreement. That does not, however, mean that using Mailman is an immediate security risk. There are usually many ways to secure a program. Just because the DOCS do not tell you, does not mean you should give up and either move to another product or accept the risks. Security is the responsibility of both the developer and end user, imho. To trust one or the other with absoluteness is a problem. Know the code you produce. Know the code you use. If you don't know how to audit code, then at least understand that there are other ways of minimizing possible problems via many other methods. Learn to identify, implement, and evaluate the effectiveness of your security measures. Then shoot for world peace. :-P On Thu, Dec 02, 1999 at 02:41:08PM +0000, Terry wrote: > jared, > > MailMan was intended as a comfort feature for users, an add-on per say. The > extra ability to check email anywhere instead of having to logon to the > system. It should not be used for absolute secure email use. If you use > MailMan and your users have the ability to make and use cgi-scripts, then it > will not matter what permissions you use. MailMan runs on your web-server and > thusly it runs as 'nobody' or whatever name you have given the web-server. > Also, your user's cgi's run as 'nobody' on the web server. So, if a user > creates a cgi that can access files and directories as nobody via the web, then > they can also access all the files that MailMan creates. > So you see, Mailman is absolutely not your solution if you want the most secure > email system. Yes changing the perms to 0600 and 0700 helps deter; however, it > does not protect absolutely from within the system. > If you wish a copy of a cgi script that I downloaded from the open web, that > does execute commands as 'nobody', just email me at the above address. -- I am Chris. Hi. <!--#include mail="christopherat_private" --> <!--#include name="Christopher Schulte" --> <!--#include site="www.schulte.org" -->
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:16:57 PDT