From owner-freebsd-ports Thu Jul 16 10:04:13 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA10569 for freebsd-ports-outgoing; Thu, 16 Jul 1998 10:04:13 -0700 (PDT) (envelope-from owner-freebsd-ports@FreeBSD.ORG) Received: from ady.warpnet.ro (ady.warpnet.ro [193.230.201.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA10486 for ; Thu, 16 Jul 1998 10:03:39 -0700 (PDT) (envelope-from ady@warpnet.ro) Received: from localhost (ady@localhost) by ady.warpnet.ro (8.8.8/8.8.8) with SMTP id UAA03633; Thu, 16 Jul 1998 20:01:19 +0300 (EEST) (envelope-from ady@warpnet.ro) Date: Thu, 16 Jul 1998 20:01:19 +0300 (EEST) From: Adrian Penisoara To: patl@phoenix.volant.org cc: Steve Price , Matt Behrens , imap-uw@freebsd.ady.ro, FreeBSD ports Subject: Re: imap-uw security hole -- please update port In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, On Thu, 16 Jul 1998 patl@phoenix.volant.org wrote: > You absolutely do NOT want to make the pine port depend on the imap-uw > port; nor do you want it to automatically install the IMAP and POP > servers that are packaged with it. Either choice would severely tick > off those of us who use any other IMAP/POP server package. (Also, > remember, the pine client may be built and installed on machines that > will never run a local IMAP or POP daemon.) Good point! > > Personally, I prefer the Cyrus IMAP server. Among other things, once > it has bound to the privileged IMAP port, it gives up root permission. > Aall deliveries are also run as a specific unprivileged user. This > drasticly reduces the severity of any potential security holes. Let's not start a IMAP war, OK ? I'll do whatever it takes to secure the port and after that I'll be glad to chat with you about this (I always wanted to give it shot to cyrus-imap, but it always happened that I couldn't build it for various reasons). > > > -Pat > PS: I'm fetching the latest imap-4.1.FINAL.tar.Z (timestamp Jul 13 01:46)... Thanks, Ady (@warpnet.ro) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message