[Mailman-Users] Security consequences of adding www user to mailman group

James Riendeau Thu, 18 Dec 2008 23:40:41 -0800

I need to run bin/add_member in our Mailman 2.1.11 list serverinstallation from a cgi/perl script. Normally, it has to run asroot. The easy solution was to add the www user to the mailmangroup. You can then:


open(LISTSERVER, '|/usr/local/mailman/bin/add_members -r- '.$list_name);
print LISTSERVER $email;
close(LISTSERVER);

My question is are there any security consequences from adding theApache2 user to the mailman group I should be aware of. I don't wantto inadvertently allow spammers to add themselves to our lists. Thecgi script that I'm using is well protected by pubcookie and iprestriction to ensure that only authorized administrators can add newaddresses.


Thanks,

James Riendeau
MMI Computer Support Technician
Rm. 1541, Dept. of MedMicro
1550 Linden Drive
Madison, WI  53706-1521

Phone: (608) 262-3351
After-hours Phone: (608) 260-2696
Fax: (608) 262-8418
Email: jtrie...@wisc.edu

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

[Mailman-Users] Security consequences of adding www user to mailman group

Reply via email to