[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: pop3
From:       Kris Kennaway <kris () FREEBSD ! ORG>
Date:       2000-04-27 21:52:57
[Download RAW message or body]

On Thu, 20 Apr 2000, spoon spoon wrote:

> >I noticed the following behavior in the pop3 server as shipped with
> >Redhat 6.1 (still don't see
>
> Qualcomms POP servers have this problem as well, on linux, solaris, etc.
> Except the lock file gets stored where ever your users mail is stored.
> /var/mail(on a sun) or where ever. I guess a nice solution would be to have a
> subdirectory with mode 700 permissions under /var/mail/locks or something like
> that where only the popper can write to. Or just ignore the lock if the owner
> of the lock file is diffrent thant the userid of the person popping their
> mail.

Just a note that FreeBSD doesnt have this problem: /var/mail is only
group-writable to the mail group, and popauth is setuid to a "pop" user
which is in the group and can create the lock/temporary file.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>

[prev in list] [next in list] [prev in thread] [next in thread]