[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: pop3
From: Kris Kennaway <kris () FREEBSD ! ORG>
Date: 2000-04-27 21:52:57
[Download RAW message or body]
On Thu, 20 Apr 2000, spoon spoon wrote:
> >I noticed the following behavior in the pop3 server as shipped with
> >Redhat 6.1 (still don't see
>
> Qualcomms POP servers have this problem as well, on linux, solaris, etc.
> Except the lock file gets stored where ever your users mail is stored.
> /var/mail(on a sun) or where ever. I guess a nice solution would be to have a
> subdirectory with mode 700 permissions under /var/mail/locks or something like
> that where only the popper can write to. Or just ignore the lock if the owner
> of the lock file is diffrent thant the userid of the person popping their
> mail.
Just a note that FreeBSD doesnt have this problem: /var/mail is only
group-writable to the mail group, and popauth is setuid to a "pop" user
which is in the group and can create the lock/temporary file.
Kris
----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic