Der Mailman-ssls-Patch vom 18.07.2009 enthält Fehler. Mails können unverschlüsselt versandt werden, wenn der Schlüssel des Empfängers ungültig ist, obwohl im das Webinterface "Force" (erzwingen) ausgewählt wurde. Außerdem können Administratoren keine Schlüssel austauschen, beim Austragen eines Mitglieds wird der alte Schlüssel nicht gelöscht. Die ersten beiden Fehler sind mit dem folgenden Patch gegen das
hier verlinkte Sourcecode-Paket leicht zu beheben:
diff -urB mailman-2.1.12.bak/Mailman/Cgi/options.py mailman-2.1.12.new/Mailman/Cgi/options.py
--- mailman-2.1.12.bak/Mailman/Cgi/options.py 2009-07-18 11:25:52.000000000 +0200
+++ mailman-2.1.12.new/Mailman/Cgi/options.py 2009-08-22 10:56:18.000000000 +0200
@@ -234,14 +234,13 @@
else:
# Site and list admins are treated equal so that list admin can pass
# site admin test. :-(
- user_or_siteadmin_context = (mm_cfg.AuthUser,)
+ user_or_siteadmin_context = (mm_cfg.AuthUser, )
is_user_or_siteadmin = mlist.WebAuthenticate(
user_or_siteadmin_context, password, user)
+ is_siteadmin = mlist.WebAuthenticate((mm_cfg.AuthSiteAdmin, ), password, user)
+ is_listadmin = mlist.WebAuthenticate((mm_cfg.AuthListAdmin, ), password, user)
# Authenticate, possibly using the password supplied in the login page
- if not is_user_or_siteadmin and \
- not mlist.WebAuthenticate((mm_cfg.AuthListAdmin,
- mm_cfg.AuthSiteAdmin),
- password, user):
+ if not (is_user_or_siteadmin or is_siteadmin or is_listadmin):
# Not authenticated, so throw up the login page again. If they tried
# to authenticate via cgi (instead of cookie), then print an error
# message.
@@ -474,9 +473,9 @@
# Check wether user tries to replace old key
# (One has to unsubscribe and subscribe, so that listmaster gets
- # notification)
+ # notification.) Admins can get around this.
oldkeyids = mlist.getGPGKeyIDs(user)
- if oldkeyids:
+ if oldkeyids and not (is_listadmin or is_siteadmin):
syslog('gpg','Disallowing replacing public key of user %s, list %s', user, mlist.real_name)
# display error, exit
doc.addError(_("""For security reasons, it is not allowed to change an
diff -urB mailman-2.1.12.bak/Mailman/Handlers/SMTPDirect.py mailman-2.1.12.new/Mailman/Handlers/SMTPDirect.py
--- mailman-2.1.12.bak/Mailman/Handlers/SMTPDirect.py 2009-07-18 11:25:52.000000000 +0200
+++ mailman-2.1.12.new/Mailman/Handlers/SMTPDirect.py 2009-08-22 12:03:33.000000000 +0200
@@ -388,7 +388,7 @@
else:
ciphertext = gh.encryptSignMessage(plaintext,keyids)
if ciphertext==None:
- if mlist.gpg_distrib_encrypt=='2' or mlist.gpg_distrib_encrypt=='Force':
+ if mlist.gpg_distrib_encrypt==2 or mlist.gpg_distrib_encrypt=='Force':
syslog('gpg',"Can't encrypt message to %s: " \
"Discarding message",keyids)
failures[recip]=(550,'Unable to encrypt message')
(Um den SSL-Teil habe ich mich nicht gekümmert.)