Ran into a fun one the other day. I came to work, tried to log onto one of my lists, and started getting server errors out of the web server. Mailman was broken.
So I immediately went to my assistant to see if he'd changed anything -- and it was working for him. Borrowed a co-worker's computer, and sure enough, the system was working fine, except when I tried to use it. Restarted the browser. Nothing. Cleared the cache. Rebooted my desktop. Restarted the web server. After 20 minutes or so, I finally tracked it down. Some other site at apple had lodged a cookie in my browser. When Mailman tried to read my cookies to validate my browser, it was causing the admin CGI to core dump. This is bad on any number of levels. Mailman 2.0.5 isn't reading cookies right; it seems to be making assumptions about what will be there. The cookie (no, I don't have details about what was IN it) was set to "apple.com". Why that would affect a program reading cookies for www.lists.apple.com, I dunno. But it ALSO bothers me that I can create a cookie that not only affects mailman, but causes the CGI to core-dump. IT seems to me there's a serious opportunity for havoc. Barry, I think you need to take a look at your cookie code, and look for ways to bullet-proof it. It seems to have some assumptions that I found out the hard way aren't safe. _______________________________________________ Mailman-Developers mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-developers
