=== modified file 'Mailman/Defaults.py.in' --- Mailman/Defaults.py.in 2008-06-18 18:43:31 +0000 +++ Mailman/Defaults.py.in 2008-06-29 00:35:55 +0000 @@ -109,6 +109,11 @@ # name of the temporary file that the program should operate on. HTML_TO_PLAIN_TEXT_COMMAND = '/usr/bin/lynx -dump %(filename)s' +# A Python regular expression character class which defines the characters +# allowed in list names. Lists cannot be created with names containing any +# character that doesn't match this class. +ACCEPTABLE_LISTNAME_CHARACTERS = '[-+_.=a-z0-9]' + ##### === modified file 'Mailman/MTA/Utils.py' --- Mailman/MTA/Utils.py 2005-08-27 01:40:17 +0000 +++ Mailman/MTA/Utils.py 2008-06-28 00:54:09 +0000 @@ -1,4 +1,4 @@ -# Copyright (C) 2001,2002 by the Free Software Foundation, Inc. +# Copyright (C) 2001-2008 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -17,6 +17,7 @@ """Utilities for list creation/deletion hooks.""" import os +import re import pwd from Mailman import mm_cfg @@ -45,13 +46,17 @@ # backwards compatibility and may eventually go away (we really have no # need for the -admin address anymore). # + # We escape a few special characters in the list name in the pipe command + # to avoid characters that might split the pipe into two commands. + safename = re.sub('([;|&`$])', r'\\\1', listname) + # # Seed this with the special cases. - aliases = [(listname, '"|%s post %s"' % (wrapper, listname)), + aliases = [(listname, '"|%s post %s"' % (wrapper, safename)), ] for ext in ('admin', 'bounces', 'confirm', 'join', 'leave', 'owner', 'request', 'subscribe', 'unsubscribe'): aliases.append(('%s-%s' % (listname, ext), - '"|%s %s %s"' % (wrapper, ext, listname))) + '"|%s %s %s"' % (wrapper, ext, safename))) return aliases === modified file 'Mailman/MailList.py' --- Mailman/MailList.py 2008-02-23 23:14:01 +0000 +++ Mailman/MailList.py 2008-06-29 05:07:10 +0000 
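Review bot: The new comment on ACCEPTABLE_LISTNAME_CHARACTERS says what the class restricts but not why, and Defaults.py.in is the file whose values site admins override; someone widening the class to admit a character they want in local names has no cue that the value guards the MTA alias pipe command built in Mailman/MTA/Utils.py. I would extend the comment with `# Widening this class is security-sensitive: the list name is interpolated into the MTA alias pipe command, so shell metacharacters must stay excluded.` Since Mailman/MailList.py uses the value as the pattern of an re.sub that strips every match, the comment should also keep stating that it must be a regular-expression character class, as it does now.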
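Review bot: The escape set `[;|&`$]` in the new `safename` line covers only part of what a shell or alias-file parser treats specially; `"` (the whole pipe command is wrapped in double quotes on the next line), `\`, whitespace and newline, `<`, `>` and parentheses pass through unescaped. With the character check this commit adds in Mailman/MailList.py, names with such characters can no longer be created, so this substitution only matters for lists that predate that check or for sites that widen ACCEPTABLE_LISTNAME_CHARACTERS, and the comment should say so rather than read as a complete fix: `# Safety net for lists created before ACCEPTABLE_LISTNAME_CHARACTERS was enforced; this` `# escapes only a few shell metacharacters (not ", \, <>, whitespace). Rejecting such names at` `# creation is the real control.` Whether the MTA's alias parser preserves backslash escapes inside the quoted command is MTA-dependent, so the escaping cannot be assumed to be sufficient everywhere. The enclosing function starts outside the hunk, and the `import re` this line relies on is added in the earlier hunk of this file.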
@@ -475,6 +475,12 @@
 assert name == name.lower(), 'List name must be all lower case.'
 if Utils.list_exists(name):
 raise Errors.MMListAlreadyExistsError, name
+ # Problems and potential attacks can occur if the list name in the
+ # pipe to the wrapper in an MTA alias or other delivery process
+ # contains shell special characters so allow only defined characters
+ # (default = '[-+_.=a-z0-9]').
+ if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', name)) > 0:
+ raise Errors.BadListNameError, name
 # Validate what will be the list's posting address. If that's
 # invalid, we don't want to create the mailing list. The hostname
 # part doesn't really matter, since that better already be valid.
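Review bot: The new character check sits after `Utils.list_exists(name)`, so a name that is about to be rejected is still handed to the existence lookup first; validating the name before any use of it is easier to reason about, so I would move the check up to directly follow the lower-case assert, ahead of `if Utils.list_exists(name):`. The `len(...) > 0` wrapper is also unnecessary, since the stripped string is falsy when empty: `if re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', name):` then `raise Errors.BadListNameError, name`. Neither an `import re` nor a definition of `Errors.BadListNameError` appears in this diff for MailList.py, so both presumably already exist in that file and in Mailman's Errors module; worth confirming, because a missing one would only surface as a NameError or AttributeError at list-creation time. The enclosing method starts and ends outside the hunk.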