I'm running a hardened Gentoo server with TPE (trusted path execution) enabled. When trying to follow the mailman post-install instructions at /usr/share/doc/mailman-2.1.14/README.gentoo.bz2, the following fails:
-su: bin/mmsitepass: /usr/bin/python: bad interpreter: Permission denied
dmesg reports the following:
grsec: From 10.12.0.31: denied untrusted exec of /usr/lib64/mailman/bin/mmsitepass by /bin/bash[bash:26493] uid/euid:280/280 gid/egid:280/280, parent /bin/bash[bash:18627] uid/euid:280/280 gid/egid:280/280
I'm guessing the rest of the mailman installation also has these problems. Disabling TPE (globally or for mailman) is a workaround for the bin/mmsitepass failure. However, security-wise it's not a good option. The mailman binaries should be owned and writeable only by root.
Please make net-mail/mailman install itself in a completely TPE-independent manner.
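An added example, not part of the original report and not one of Mailman's own scripts: a shell audit that lists the executables an untrusted user would be denied under TPE. It assumes the TPE rule that a file may only be executed from a directory owned by root and not writable by group or others, and it assumes GNU `stat`; the function names `tpe_dir_ok` and `tpe_audit` are hypothetical.

```shell
#!/bin/sh
# Added example: audit a tree for executables that fail a TPE-style check.
# Rule modelled (assumption): the directory holding the file must be owned
# by the trusted uid (root, uid 0) and must not be group- or world-writable.

# tpe_dir_ok DIR [TRUSTED_UID]
# Returns 0 if DIR is a trusted path, 1 if it is not, 2 if stat fails.
tpe_dir_ok() {
    dir=$1
    trusted_uid=${2:-0}
    # GNU stat: %u = numeric owner, %a = permission bits in octal
    owner=$(stat -c %u -- "$dir") || return 2
    mode=$(stat -c %a -- "$dir") || return 2
    # Wrong owner: whoever owns the directory can swap the file out.
    [ "$owner" = "$trusted_uid" ] || return 1
    # 022 = group-write | other-write; the leading 0 makes $mode octal.
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    return 0
}

# tpe_audit ROOT [TRUSTED_UID]
# Prints every owner-executable regular file under ROOT whose containing
# directory fails tpe_dir_ok. Empty output means nothing would be denied.
tpe_audit() {
    find "$1" -type f -perm -100 | while IFS= read -r f; do
        tpe_dir_ok "$(dirname -- "$f")" "${2:-0}" || printf '%s\n' "$f"
    done
}

# Typical use on the path from the grsec message above:
#   tpe_audit /usr/lib64/mailman/bin
```

The optional second argument exists so the check can be exercised without root; leave it off for a real audit.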
The problem is a known mailman problem. Mailman ships with two scripts to fix these:
You need to run:
There is a bug in check_perms_grsecurity.py however. Filing a bug report for it now.
Doubly-obsolete: We don't have mailman2 any more and don't support grsec any longer, which is now proprietary.