Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 20 Sep 2000 18:55:24 +0700 (NSS)
From:      Max Khon <fjoe@iclub.nsu.ru>
To:        Matt Heckaman <matt@ARPA.MAIL.NET>
Cc:        Fred Souza <cseg@kronus.com.br>, security@FreeBSD.ORG
Subject:   Re: pine 4.21 port issues?
Message-ID:  <Pine.BSF.4.21.0009201849150.29670-200000@iclub.nsu.ru>
In-Reply-To: <Pine.BSF.4.21.0008082253090.410-100000@epsilon.lucida.qc.ca>
index | next in thread | previous in thread | raw e-mail 

[-- Attachment #1 --]
hi, there!

On Tue, 8 Aug 2000, Matt Heckaman wrote:

> :   Going again into the silly root.mail 1777 solved the problem, but I
> :   definately don't like that idea.  Any pointers on how to get rid of that?
> 
> Yeah, just do what someone suggested and what I just put in over here, it
> gets rid of the messages and doesn't hurt anything that I've seen.
> 
> Create /usr/local/etc/pine.conf.fixed, in it put:
> 
> feature-list=	quell-lock-failure-warnings
> 
> That'll enforce that option on all pine clients, effectively shutting up
> the message. I doubt running pine with /var/mail root:mail 0775 will hurt
> anything, I've *always* ran it that way.

this is hardly a security issue but pine4 always had patches/patch-aw to
quell this warning. but since libc-client has been moved to separate port
it does not have this patch (pine4 port now uses libc-client from
/ports/mail/cclient/ and all imap patches in it are useless).

add attached patch to to ports/mail/cclient/patches and rebuild it. port
maintainer of mail/cclient has been contacted.

/fjoe

[-- Attachment #2 --]
--- src/osdep/unix/env_unix.c.orig	Thu May  4 00:33:01 2000
+++ src/osdep/unix/env_unix.c	Wed Sep 20 17:44:37 2000
@@ -848,7 +848,8 @@
 	      }
 	      close (pi[0]); close (pi[1]);
 	    }
-	    if (lockEaccesError){/* punt silently if paranoid site */
+	    if (strncmp(base->lock,"/var/mail/",10) && lockEaccesError) {
+	    /* punt silently if paranoid site */
 	      sprintf (tmp,"Mailbox vulnerable - directory %.80s",hitch);
 	      if (s = strrchr (tmp,'/')) *s = '\0';
 	      strcat (tmp," must have 1777 protection");
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0009201849150.29670-200000>