Dmitri Maziuk via Mailman-Users writes:

 > On Mon, 3 Dec 2018 10:30:53 -0500
 > Jim Ziobro <l...@ziobro.rochester.ny.us> wrote:
 > ...
 > > Is the directory "/etc/mailman" group-writable only to support the
 > > creation of an aliases file? I would feel more confident if /etc/mailman
 > > was only writable by root.
 >
 > So basically the unix user/group access model is wrong because sendmail
 > is full of bugs?
Please, Dmitri. All large software applications are full of bugs (starting with the brain of Homo so-called Sapiens). It's only good sense to respect POMP[1].

That said, this *is* minimum privilege. Mailman should *not* run as root. Sendmail should only be accessing /etc/mailman via a link to a specific file, and Mailman needs to be able to write that. QED.

Even if you use a Postfix-like multiple executable model with a dedicated suid root binary to write Mailman's alias file, Mailman still specifies the content. (Yes, you could fiddle the system such that genaliases only overwrites an existing file, but that is fragile at best, and still gives Mailman's user limited access to /etc/mailman.)

So Dmitri does have a point. If you don't trust Mailman or your webserver (the two applications that should be running with Mailman group privileges), you're screwed anyway. I don't see why it matters whether the evil thing is in /etc/mailman (which only Mailman should be generically accessing: other applications should only rarely even read specific files there, such as an alias include file), or squirreled away elsewhere in Mailman-owned trees or those of the webserver. Saying a webserver that produces dynamic content and even reconfigures other applications should live entirely in read-only storage is a paradox.

Steve

Footnotes:
[1] The Principle of Minimum Privilege.
--
Associate Professor              Division of Policy and Planning Science
http://turnbull.sk.tsukuba.ac.jp/     Faculty of Systems and Information
Email: turnb...@sk.tsukuba.ac.jp                   University of Tsukuba
Tel: 029-853-5175                  Tennodai 1-1-1, Tsukuba 305-8573 JAPAN
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
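The posture Steve describes (a config directory the Mailman group can write, so genaliases can replace the alias include file, with nothing world-writable so that only Mailman and the webserver are in the trust boundary) is easy to state and easy to drift from. The script below is an added example, not code from the thread or from the Mailman project: it audits a directory for exactly that layout. It assumes a Mailman-style config directory that is group-writable and setgid (so new files inherit the Mailman group), and a POSIX `ls`, `find` and `mktemp`; the directory names and modes in the fixture are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the Mailman project): audit a config directory for
# the least-privilege layout discussed in the thread. Assumptions: the
# directory is meant to be group-writable (so genaliases can rewrite the
# aliases file) and setgid (so new files inherit the Mailman group), and
# nothing under it may be world-writable.

# audit_mailman_dir DIR
# Returns 0 when DIR matches that posture, 1 otherwise; each violation is
# reported on stderr so the caller can fix it.
audit_mailman_dir() {
  dir=$1
  rc=0
  [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 1; }

  # The first ten characters of `ls -ld` are the type and permission bits,
  # e.g. "drwxrwsr-x" for mode 2775. Position 6 is group-write, position 7
  # is group-execute with the setgid bit shown as s/S.
  bits=$(ls -ld "$dir" | cut -c1-10)
  case $bits in
    d????w????) ;;   # group may write: genaliases can replace the alias file
    *) echo "$dir: not group-writable ($bits)" >&2; rc=1 ;;
  esac
  case $bits in
    d?????[sS]???) ;;   # setgid: files created here inherit the group
    *) echo "$dir: setgid bit not set ($bits)" >&2; rc=1 ;;
  esac

  # Nothing in the tree may be world-writable. Symlinks are skipped because
  # their own mode bits carry no meaning.
  ww=$(find "$dir" ! -type l -perm -002 -print)
  if [ -n "$ww" ]; then
    printf '%s\n' "$ww" | sed 's/$/: world-writable/' >&2
    rc=1
  fi
  return $rc
}

# make_fixture MODE
# Builds a throwaway directory with the given octal mode holding one
# group-writable "aliases" file and prints its path. Constructed test data,
# standing in for /etc/mailman.
make_fixture() {
  d=$(mktemp -d) || return 1
  : > "$d/aliases"
  chmod 664 "$d/aliases"
  chmod "$1" "$d"
  printf '%s\n' "$d"
}

# Demo: a 2775 directory passes, a 0777 one is rejected.
good=$(make_fixture 2775)
audit_mailman_dir "$good" && echo "$good: ok"
bad=$(make_fixture 0777)
audit_mailman_dir "$bad" || echo "$bad: rejected"
rm -rf "$good" "$bad"
```

Run it against the real directory with `audit_mailman_dir /etc/mailman` (or wherever the distribution keeps the Mailman config); a clean exit status says the group-write bit Jim asked about is present but confined to the Mailman group, which is the narrowest grant that still lets Mailman produce the file sendmail reads.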