[PATCH/RFC] mailman: Use Mailman's Secure_MakeRandomPassword() for list passwords
Todd Zullinger
tmz at pobox.com
Fri Aug 21 21:51:23 UTC 2009
This should generate a bit stronger passwords than the previous code,
which encoded the passwords as hex, limiting the characters in the
password to the set [0-9a-f].
---
The mailman_server class is only included on collab[12] and hosted1,
so it isn't actually affected by the current freeze policy. But I
still wanted to float this by the list for comments and review.
The current fedora-mailing-list-setup script creates a list password
using:
file('/dev/urandom', 'r').read(4).encode('hex')
This seems to be a good bit weaker than it needs to be. Unless
someone has better alternatives for creating decent list passwords, I
suggest we take advantage of Mailman.Utils.Secure_MakeRandomPassword()
from mailman. The Secure_MakeRandomPassword() code is in:
/usr/lib/mailman/Mailman/Utils.py
configs/mailman/fedora-mailing-list-setup | 2 +-
modules/mailman/files/fedora-mailing-list-setup | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/configs/mailman/fedora-mailing-list-setup b/configs/mailman/fedora-mailing-list-setup
index 8ccdda7..80b2c58 100755
--- a/configs/mailman/fedora-mailing-list-setup
+++ b/configs/mailman/fedora-mailing-list-setup
@@ -62,7 +62,7 @@ def create_list(listname, owner_mail):
host_name = mm_cfg.DEFAULT_EMAIL_HOST
web_page_url = mm_cfg.DEFAULT_URL_PATTERN % urlhost
- listpasswd = file('/dev/urandom', 'r').read(4).encode('hex')
+ listpasswd = Utils.Secure_MakeRandomPassword(mm_cfg.ADMIN_PASSWORD_LENGTH)
mlist = MailList.MailList()
try:
diff --git a/modules/mailman/files/fedora-mailing-list-setup b/modules/mailman/files/fedora-mailing-list-setup
index 7d5dcd3..bf10b81 100755
--- a/modules/mailman/files/fedora-mailing-list-setup
+++ b/modules/mailman/files/fedora-mailing-list-setup
@@ -62,7 +62,7 @@ def create_list(listname, owner_mail):
host_name = mm_cfg.DEFAULT_EMAIL_HOST
web_page_url = mm_cfg.DEFAULT_URL_PATTERN % urlhost
- listpasswd = file('/dev/urandom', 'r').read(4).encode('hex')
+ listpasswd = Utils.Secure_MakeRandomPassword(mm_cfg.ADMIN_PASSWORD_LENGTH)
mlist = MailList.MailList()
try:
--
1.6.4
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We waste more time by 8:00 in the morning than other companies do all
day.
More information about the Fedora-infrastructure-list
mailing list