From owner-freebsd-ports  Thu Jul 16 10:04:13 1998
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA10569
          for freebsd-ports-outgoing; Thu, 16 Jul 1998 10:04:13 -0700 (PDT)
          (envelope-from owner-freebsd-ports@FreeBSD.ORG)
Received: from ady.warpnet.ro (ady.warpnet.ro [193.230.201.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA10486
          for <freebsd-ports@FreeBSD.ORG>; Thu, 16 Jul 1998 10:03:39 -0700 (PDT)
          (envelope-from ady@warpnet.ro)
Received: from localhost (ady@localhost)
	by ady.warpnet.ro (8.8.8/8.8.8) with SMTP id UAA03633;
	Thu, 16 Jul 1998 20:01:19 +0300 (EEST)
	(envelope-from ady@warpnet.ro)
Date: Thu, 16 Jul 1998 20:01:19 +0300 (EEST)
From: Adrian Penisoara <ady@warpnet.ro>
To: patl@phoenix.volant.org
cc: Steve Price <sprice@hiwaay.net>, Matt Behrens <matt@megaweapon.zigg.com>,
        imap-uw@freebsd.ady.ro, FreeBSD ports <freebsd-ports@FreeBSD.ORG>
Subject: Re: imap-uw security hole -- please update port
In-Reply-To: <ML-3.3.900607823.4619.patl@asimov>
Message-ID: <Pine.BSF.3.96.980716195521.3596A-100000@ady.warpnet.ro>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

On Thu, 16 Jul 1998 patl@phoenix.volant.org wrote:

> You absolutely do NOT want to make the pine port depend on the imap-uw
> port; nor do you want it to automatically install the IMAP and POP
> servers that are packaged with it.  Either choice would severely tick
> off those of us who use any other IMAP/POP server package. (Also,
> remember, the pine client may be built and installed on machines that
> will never run a local IMAP or POP daemon.)

 Good point!

> 
> Personally, I prefer the Cyrus IMAP server.  Among other things, once
> it has bound to the privileged IMAP port, it gives up root permission.
> Aall deliveries are also run as a specific unprivileged user.  This
> drasticly reduces the severity of any potential security holes.

 Let's not start a IMAP war, OK ? I'll do whatever it takes to secure the
port and after that I'll be glad to chat with you about this (I always
wanted to give it shot to cyrus-imap, but it always happened that I
couldn't build it for various reasons).

> 
> 
> -Pat
> 

 PS: I'm fetching the latest imap-4.1.FINAL.tar.Z (timestamp
Jul 13 01:46)...

 Thanks,
 Ady (@warpnet.ro)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message