Date: Thu, 16 Jul 1998 09:50:23 -0700 (PDT) From: patl@phoenix.volant.org To: Steve Price <sprice@hiwaay.net> Cc: Matt Behrens <matt@megaweapon.zigg.com>, imap-uw@freebsd.ady.ro, FreeBSD ports <freebsd-ports@FreeBSD.ORG> Subject: Re: imap-uw security hole -- please update port Message-ID: <ML-3.3.900607823.4619.patl@asimov> In-Reply-To: <Pine.BSF.3.96.980716182054.3069A-100000@ady.warpnet.ro>
next in thread | previous in thread | raw e-mail | index | archive | help
> Hey, I won't worry if Matt doesn't. :) If we don't install > the imap tools does that satisfy your requirements Matt or > are you expecting them to be installed as part of pine4? > If so, would a *_DEPENDS on the imap-uw port work? Of > course its build/install would have to be conditionalized > appropriately first of course. You absolutely do NOT want to make the pine port depend on the imap-uw port; nor do you want it to automatically install the IMAP and POP servers that are packaged with it. Either choice would severely tick off those of us who use any other IMAP/POP server package. (Also, remember, the pine client may be built and installed on machines that will never run a local IMAP or POP daemon.) Personally, I prefer the Cyrus IMAP server. Among other things, once it has bound to the privileged IMAP port, it gives up root permission. Aall deliveries are also run as a specific unprivileged user. This drasticly reduces the severity of any potential security holes. -Pat To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ML-3.3.900607823.4619.patl>