From owner-freebsd-ports Thu Jul 16 10:28:46 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA13868 for freebsd-ports-outgoing; Thu, 16 Jul 1998 10:28:46 -0700 (PDT) (envelope-from owner-freebsd-ports@FreeBSD.ORG) Received: from phoenix.volant.org (phoenix.volant.org [205.179.79.193]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA13859 for ; Thu, 16 Jul 1998 10:28:42 -0700 (PDT) (envelope-from patl@phoenix.volant.org) From: patl@phoenix.volant.org Received: from asimov.phoenix.volant.org ([205.179.79.65]) by phoenix.volant.org with smtp (Exim 1.92 #8) id 0ywrpQ-0004zI-00; Thu, 16 Jul 1998 10:28:24 -0700 Received: from localhost by asimov.phoenix.volant.org (SMI-8.6/SMI-SVR4) id KAA06154; Thu, 16 Jul 1998 10:27:49 -0700 Date: Thu, 16 Jul 1998 10:27:49 -0700 (PDT) Reply-To: patl@phoenix.volant.org Subject: Re: imap-uw security hole -- please update port To: Adrian Penisoara cc: Steve Price , Matt Behrens , imap-uw@freebsd.ady.ro, FreeBSD ports In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > Personally, I prefer the Cyrus IMAP server. Among other things, once > > it has bound to the privileged IMAP port, it gives up root permission. > > Aall deliveries are also run as a specific unprivileged user. This > > drasticly reduces the severity of any potential security holes. > > Let's not start a IMAP war, OK ? I'll do whatever it takes to secure the > port and after that I'll be glad to chat with you about this (I always > wanted to give it shot to cyrus-imap, but it always happened that I > couldn't build it for various reasons). I have no intention of starting an IMAP war. However, I do like to occasionally remind folks that imap-uw isn't the only option; and that the Cyrus architecture does have certain advantages in many situations. The trade-off is that you no longer have the traditional unix system mail folders. (This could be construed as a feature...) For my needs, the increased security and 'virtual user' capability far outweighed the desire for compatability with MUAs that haven't kept up with the times. But then, I didn't have a bunch of old-timers hanging around to complain that their favorite tool doesn't work any more. (Well, only the one. And I managed to twist his[my] arm till he[I] agreed. :-) -Pat To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message