Bugtraq mailing list archives

Re: pop3

From: kris () FREEBSD ORG (Kris Kennaway)
Date: Thu, 27 Apr 2000 14:52:57 -0700


On Thu, 20 Apr 2000, spoon spoon wrote:

I noticed the following behavior in the pop3 server as shipped with
Redhat 6.1 (still don't see


Qualcomms POP servers have this problem as well, on linux, solaris, etc.
Except the lock file gets stored where ever your users mail is stored.
/var/mail(on a sun) or where ever. I guess a nice solution would be to have a
subdirectory with mode 700 permissions under /var/mail/locks or something like
that where only the popper can write to. Or just ignore the lock if the owner
of the lock file is diffrent thant the userid of the person popping their
mail.


Just a note that FreeBSD doesnt have this problem: /var/mail is only
group-writable to the mail group, and popauth is setuid to a "pop" user
which is in the group and can create the lock/temporary file.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe () alum mit edu>

Current thread:

Network Security and Privacy JavaMan (Apr 19)
- Re: Network Security and Privacy B Potter (Apr 19)
- Re: Network Security and Privacy Cold Fire (Apr 20)
  - pop3 spoon spoon (Apr 20)
    - Re: pop3 Christopher P. Lindsey (Apr 21)
    - Re: pop3 Jason Godsey (Apr 22)
    - unsafe fgets() in sendmail's mail.local 3APA3A (Apr 24)
    - Re: unsafe fgets() in sendmail's mail.local Claus Assmann (Apr 25)
    - Re: pop3 Kris Kennaway (Apr 27)
  - Re: Network Security and Privacy dynamo (Apr 20)