Skip to main content.
home | support | download

Back to List Archive

Re: [swish-e] Request for help: Getting swish.cgi to run without taint complaints

From: at <Peter>
Date: Fri, 13 Jan 2012 09:16:04 +0000
On 10/01/12 13:43, David Partain wrote:
> Greetings,
> I run a small mailman site inside my company and had swish-e indexing 
> correctly and searchable using swish.cgi for a while, but I believe a 
> CentOS upgrade changed something (I believe).  I've been fighting to get 
> it working again but without success.  Before I go entirely bald, I'm 
> hoping someone here can point me at the obvious (and probably silly) 
> thing I'm doing.

I have had similar problems with Red Hat (on which CentOS is based) on a
site I run using LISTSERV rather than mailman.

It seems that Red Hat, in their infinite wisdom, take it upon themselves
to *change* the permissions and ownership of files and directories they
deem to be "wrong". In my case, this included removing the sticky bit
from the LISTSERV CGI binary, and changing the ownership of
/var/log/httpd [back] to root (making it impossible for my own CGI
scripts to write logging into files in there).

They mean well, but they are very ignorant of the practicalities of
running web services.

> [Tue Jan 10 14:35:08 2012] [error] [client] 
> /usr/lib/mailman/cgi-bin/swish.cgi aborted: Insecure dependency in exec 
> while running setgid at /usr/lib/mailman/cgi-bin/swish.cgi line 2135., 

SETGID probably needs elevated privileges.

Users mailing list
Received on Fri Jan 13 2012 - 09:16:19 GMT