[prev in list] [next in list] [prev in thread] [next in thread] 

List:       popa3d-users
Subject:    Re: Mailbox symlink
From:       Gil Disatnik <jewnix () technohac ! com>
Date:       2002-11-17 13:40:58
[Download RAW message or body]

$HOME/Mailbox, yeah, my mistake.

I'll rebuild the package myself.

Thanks!
At 04:25 PM 11/17/2002 +0300, you wrote:
>On Sun, Nov 17, 2002 at 03:20:58PM +0200, Gil Disatnik wrote:
>
>Hi,
>
> > I am using popa3d that comes with slack-current (0.5.1).
> >
> > /var/spool/mail/<username> is in fact a symlink to $HOME/Maildir.
>
>You mean, to $HOME/Mailbox?
>
>Yes, that won't work.  The reason I've added safety checks to popa3d's
>mailbox opens is to defeat certain attacks possible specifically when
>mailboxes are in user-writable directories (that is, when popa3d is
>built with support for $HOME/Mailbox).  One such attack would be
>symlinking $HOME/Mailbox to /dev/zero.
>
>You really need to rebuild popa3d with support for $HOME/Mailbox, this
>is an option in params.h.
>
>As you're currently using the Slackware package, you need to choose
>one of:
>
>1. Modify the Slackware package to build popa3d with this option.
>
>2. Build popa3d manually, install under /usr/local (that's where "make
>install" would place it by default) and use that instead of the binary
>provided with Slackware.
>
>--
>/sd


Regards

Gil Disatnik
UNIX system/security administrator.

GibsonLP@EFnet

_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
"Windows NT has detected mouse movement, you MUST restart
your computer before the new settings will take effect, [ OK ]"
--------------------------------------------------------------------
Windows is a 32 bit patch to a 16 bit GUI based on a 8 bit operating
system, written for a 4 bit processor by a 2 bit company which can
not stand 1 bit of competition.
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- 

[prev in list] [next in list] [prev in thread] [next in thread]