Subject: The mailing list for listmasters using Sympa
List archive
Re: [sympa-users] Really important: anyone can become listmaster!
- From: David Verdin <address@concealed>
- To: address@concealed
- Subject: Re: [sympa-users] Really important: anyone can become listmaster!
- Date: Fri, 3 Jun 2016 15:39:29 +0200
|
Hi Simone, Please show us: 1- the value of you create_list parameter in the sympa.conf 2- the corresponding scenario. These are the settings that define who can request a list creation - which does not mean the list is automatically created, it can be moderated. Regards, David Le 03/06/2016 à 11:08, Simone Dal Maso
(via sympa-users Mailing List) a écrit :
Hello,
I have a really great problem. On my Sympa 6.1.23 anyone can become a list creator. Steps to reproduce it is very easy: 1. Go to the /wws sympa interface and request a new password. 2. Click the link on the email and you must type your password, but already in this situation you can see the name of the lists, and one is absolutely private! After you digit your password you are the boss. You can create one list and make what you want! Please, what I'm missing? It is absolutely not acceptable this kind of policy, but I think I make a great mistake, but I don't know what... Just a question, is it important the ip address? Since I'm using my server as a proxy, the ip address is 127.0.0.1. Is Sympa reading this information and so decide that I am the super admin anyway? --
A bug in Sympa? Quick! To the bug tracker!
| ||||||
Attachment:
smime.p7s
Description: Signature cryptographique S/MIME
-
[sympa-users] Really important: anyone can become listmaster!,
Simone Dal Maso, 06/03/2016
- Re: [sympa-users] Really important: anyone can become listmaster!, David Verdin, 06/03/2016
Archive powered by MHonArc 2.6.19+.