Bugtraq mailing list archives

Re: ipop3d (x2) / pine (x2) / ...

From: gvs () RINET RU (GvS)
Date: Sun, 11 Apr 1999 16:13:21 +0400


On Fri, 9 Apr 1999, Mark Crispin wrote:

 MC> The locks are 666 for a reason.

SHIT! Sorry...

The lock mode MUST be selectable. I can't see almost any reason for
world-writable locks for me and my systems. If somebody wants to, he
can set them 0666 by hand. In any case I would require truly shared
mailboxes, it's enough for me to have the lock mode group-writable
(0660) and permit access for the specified group. And only!

Making lock-file mode 0666 doesn't allow me to detect hostile user
whether he/she appears on my system, but easily allows him/her to
perform at least 2 different DoS attacks agains somebody's Pine. It's
headache.

SY, Seva Gluschenko, just stranger at the Road.
GVS-RIPE: Cronyx Plus / RiNet network administrator.

--- IRC: erra
 * Origin: Erra Netmale (gvs () rinet ru) [http://gvs.rinet.ru/]

Current thread:

Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Mark Crispin (Apr 08)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Olaf Kirch (Apr 09)
  - Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Mark Crispin (Apr 09)
    - Re: ipop3d (x2) / pine (x2) / ... GvS (Apr 11)
    - Re: ipop3d (x2) / pine (x2) / ... Thomas Roessler (Apr 12)
    - [support_feedback () us-support external hp com: Security Bulletins Patrick Oonk (Apr 13)
- Patrol security bugs fcosta (Apr 09)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight M.C.Mar (Apr 09)
  - New Novell Remote.NLM Password Decryption Algorithm with Exploit dreamer () RELIA NET (Apr 09)
    - Novell Pandora Hack Jeremy M. Guthrie (Apr 12)
    - Re: Novell Pandora Hack Simple Nomad (Apr 13)
    - Re: Novell Pandora Hack Iain P.C. Moffat (Apr 13)
    - aDSL routers David Brumley (Apr 13)
    - Re: aDSL routers Derek Vadala (Apr 14)

(Thread continues...)