Date: Thu, 16 Jul 1998 10:27:49 -0700 (PDT) From: patl@phoenix.volant.org To: Adrian Penisoara <ady@warpnet.ro> Cc: Steve Price <sprice@hiwaay.net>, Matt Behrens <matt@megaweapon.zigg.com>, imap-uw@freebsd.ady.ro, FreeBSD ports <freebsd-ports@FreeBSD.ORG> Subject: Re: imap-uw security hole -- please update port Message-ID: <ML-3.3.900610069.1549.patl@asimov> In-Reply-To: <Pine.BSF.3.96.980716195521.3596A-100000@ady.warpnet.ro>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Personally, I prefer the Cyrus IMAP server. Among other things, once > > it has bound to the privileged IMAP port, it gives up root permission. > > Aall deliveries are also run as a specific unprivileged user. This > > drasticly reduces the severity of any potential security holes. > > Let's not start a IMAP war, OK ? I'll do whatever it takes to secure the > port and after that I'll be glad to chat with you about this (I always > wanted to give it shot to cyrus-imap, but it always happened that I > couldn't build it for various reasons). I have no intention of starting an IMAP war. However, I do like to occasionally remind folks that imap-uw isn't the only option; and that the Cyrus architecture does have certain advantages in many situations. The trade-off is that you no longer have the traditional unix system mail folders. (This could be construed as a feature...) For my needs, the increased security and 'virtual user' capability far outweighed the desire for compatability with MUAs that haven't kept up with the times. But then, I didn't have a bunch of old-timers hanging around to complain that their favorite tool doesn't work any more. (Well, only the one. And I managed to twist his[my] arm till he[I] agreed. :-) -Pat To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ML-3.3.900610069.1549.patl>