Re: [Mailman-Users] Testing STEALTH_MODE = 1

[Tom Skelley]

Thanks, that was exactly what I needed! The version of Mailman is a bit
later than 2.1.6, but it's still pretty old. Have to be a bit cagey as it's
not my install. I suspect that whoever turned off stealth mode to test and
then never turned it back on again.

Out of interested, is there an ETA on a production release of Mailman 3.x ?

Thanks again!

Tom
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] Testing STEALTH_MODE = 1

[Tom Skelley]

Hi All,
  A bit of an odd question this one. I'm new to Mailman, and one of my
customers has just had an external audit. As part of the audit an advisory
was given that too much information was given when an Apache query was
executed. This turns out to be from the /mailman/create script.

I've found that setting STEALTH_MODE = 1 in mailman/scripts/driver should
fix the problem, but I need to test it. Is there a way to force an error
through the web interface?

I've tried changing file permissions on the python binary, changing file
permissions on the .py and .pyc scripts, trying to import non-existant
modules etc, but I can't manage to get it to dump a stack trace.

Any help greatfully received.

Tom
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org