Summary: | net-mail/mailman-2.1.20 installs CGIs non-world-readable, breaks under lighttpd | | |
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Christopher Head <bugs> |
Component: | [OLD] Server | Assignee: | Hanno Böck <hanno> |
Status: | RESOLVED UPSTREAM | | |
Severity: | normal | CC: | net-mail+disabled |
Priority: | Normal | Keywords: | InVCS, UPSTREAM |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Description
Christopher Head
2011-12-31 00:34:08 UTC
I wasted about 2 hours of my life on this! The problem is that portage strips the read bit from setuid and setgid executables. There are a couple ways to prevent it. One is setting FEATURES=-sfperms when emerging mailman (not recommended). There's also a suidctl feature described in the make.conf(5) manpage. You could enable it and list all the ELF binaries in /etc/portage/suidctl.conf I suppose...

I note that permissions for the CGI scripts are set to 2755 in src_install. Any reason not to do this in pkg_postinst instead?

This bug hasn't been touched since 2014. net-mail/mailman is now at 2.1.20 and lighttpd is approaching 1.5.0. Can anyone reproduce or otherwise confirm this bug? If there's no reply within a week or so, I'll be marking this obsolete.

Mailman-2.1.20 still installs its CGIs mode 2751. I am no longer using Lighttpd as my Web server on the machine that runs Mailman, but I assume the problem still exists as, when I reported it there, the Lighttpd developers considered it not a bug and refused to consider fixing it.

Upstream has acknowledged and fixed the bug in git[1], so merging lighttpd-9999 will get the fix immediately. It will be available in 1.4.42, which (for now) is what I'll be targeting next for stability as 1.4.40 and 1.4.41 have known problems.

1: https://redmine.lighttpd.net/issues/2374
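
An added check, not part of the bug thread or of Portage or Mailman: it lists setuid/setgid regular files that "other" cannot read, the state the thread reports for the Mailman CGIs (2755 in src_install, 2751 once installed). The function names and the demo tree are constructed for illustration, and the `chmod o-r` step is an assumption standing in for the read-bit stripping described above.

```shell
#!/bin/sh
# Added example; function names and the demo tree are hypothetical.

# Print setuid/setgid regular files under directory $1 that lack the
# world-read bit, e.g. a CGI wrapper left at mode 2751.
find_unreadable_sxid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) ! -perm -0004 -print | sort
}

# Build a constructed tree that mimics the modes discussed in the thread
# and print its path. The caller removes it afterwards.
demo_tree() {
    d=$(mktemp -d) || return 1
    for f in admin listinfo plain; do
        : > "$d/$f"
    done
    chmod 2755 "$d/admin"      # mode the thread says src_install sets
    chmod 2755 "$d/listinfo"
    chmod o-r  "$d/listinfo"   # assumed stand-in for the stripping: now 2751
    chmod 0751 "$d/plain"      # not setuid/setgid, so out of scope
    printf '%s\n' "$d"
}

# Usage: sh this-script.sh /path/to/cgi-bin
if [ "$#" -gt 0 ]; then
    find_unreadable_sxid "$1"
fi
```

Run it against the directory holding the installed CGI wrappers after each emerge; an empty result means no setuid/setgid file there has lost its world-read bit.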