Hi Stephen,
Stephen J. Turnbull:
This is the issue. I don't know how the Debian packages do this, but I recommend having a 'mailman' user that owns everything and running commands as that user.
The Debian package uses user
listfor this. It also provides a commandmailman-wrapperwhich takes care of running mailman commands as this user.It would be awesome if the upstream /usr/bin/mailman command could take care of this automatically, making the wrapper command obsolete.
What precisely is "this"? We already have the mailman command; are you suggesting it should be suid/sgid mailman/list/whatever? That's pretty obviously a vulnerability. If there are any RCEs *anywhere* on your host, your Mailman is pwned. If you know your installation is secure enough or you just don't care, fine, chmod it yourself.
If not, how do you propose upstream "take care of it?"
Good question. Two options come into my mind:
- Provide a sudoers include file and make the mailmman command use sudo to run the actual commands as user mailman/list/whatever.
- Check if the command is run under expected UID/GID and error out if not. Probably a commandline argument to ignore this check would be required in that case.
I don't consider either of those solutions particularly clean. But it's a matter of fact that people will run mailman commands as user root, which results in logfiles, list files, etc. being created with owner root. Which in turn leads to errors since the mailman daemon is unable to further write to those files.
Cheers jonas