Greg A. Woods writes:

>Apache has that SUEXEC thing which seems to be more secure in controlled
>environments than even setgid scripts might be.  If I'm not mistaken it

Yes, I am aware of that.  A small drawback is that it is done with the
help of a setuid root wrapper program, which incorporates a certain
performance penalty.  Although that penalty might not be high, it isn't
quite the same as if the httpd ran the CGIs straight ahead.  Still,
considering that mailman is written (afaik) in Python scripts, the
overhead of loading the script interpreter is likely high enough to
make the setuid wrapper's overhead negligible.  And also mailing list
administration through a web interface isn't much of a high performance
thing anyways.

-- 
  Matthias Buelow;  mkb@{mukappabeta.de,informatik.uni-wuerzburg.de}