From owner-freebsd-security Sun Jun 9 19:14:27 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id TAA13997 for security-outgoing; Sun, 9 Jun 1996 19:14:27 -0700 (PDT) Received: from hemi.com (hemi.com [204.132.158.10]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id TAA13974 for ; Sun, 9 Jun 1996 19:14:24 -0700 (PDT) Received: (from mbarkah@localhost) by hemi.com (8.6.12/8.6.12) id UAA29892; Sun, 9 Jun 1996 20:14:21 -0600 From: Ade Barkah Message-Id: <199606100214.UAA29892@hemi.com> Subject: Re: FreeBSD's /var/mail permissions To: taob@io.org (Brian Tao) Date: Sun, 9 Jun 1996 20:14:20 -0600 (MDT) Cc: security@freebsd.org In-Reply-To: from "Brian Tao" at Jun 9, 96 07:37:05 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Brian Tao wrote: [re: KEEP_DROP_TEMP in QPOP 2.2] > > Actually, this is not needed. The same set of permissions which > > prevents QPOP from creating the .user.pop file also prevents it > > from removing the lock file. =-) > > It complains about not being able to remove the file though, > doesn't it? ... I don't think it does. It erases the file using (void)unlink(p->temp_drop); so it never checks for EACCESS. I should compile with KEEP_DROP_TEMP anyway, more efficient that way. > > popper[20737]: @remote-host: -ERR POP EOF received > > > > Any ideas why this might be happening ? ... > > Hrmmmm... I remember some sort of problem like that with an older > 2.1.x qpopper that forced me to go back to the cac.washington.edu > POP daemon. ... Maybe I'll try out this washington.edu daemon. Any security concerns with it ? Glancing at rfc1081, it's pretty tempting to write a tiny, secure, POP server implementing just the few mandatory commands. Thanks, -Ade ------------------------------------------------------------------- Inet: mbarkah@hemi.com - HEMISPHERE ONLINE - -------------------------------------------------------------------