Bugtraq mailing list archives
Re: pop3
From: godsey () GODSEY NET (Jason Godsey)
Date: Sat, 22 Apr 2000 05:36:29 -0700
I've had it use ~/.pop3.lock for quite some time (since 1995). I'm sure this won't work for people who don't provide users w/ home directories, but it has worked for us. Jason On Thu, 20 Apr 2000, spoon spoon wrote:
Date: Thu, 20 Apr 2000 18:23:28 +0200 From: spoon spoon <sp00n () GMX DE> To: BUGTRAQ () SECURITYFOCUS COM Subject: pop3I noticed the following behavior in the pop3 server as shipped with Redhat 6.1 (still don't seeQualcomms POP servers have this problem as well, on linux, solaris, etc. Except the lock file gets stored where ever your users mail is stored. /var/mail(on a sun) or where ever. I guess a nice solution would be to have a subdirectory with mode 700 permissions under /var/mail/locks or something like that where only the popper can write to. Or just ignore the lock if the owner of the lock file is diffrent thant the userid of the person popping their mail. $ > .jqpublic.pop $ id uid=1001(testacct) gid=1(other) $ pwd /var/mail $ ls -la | more total 465698 drwxrwxrwt 3 root mail 6656 Apr 20 12:03 . <cut> -rw-r--r-- 1 testacct other 0 Apr 20 12:03 .jqpublic.pop <cut> +OK QPOP (version: 2.53) on solaris jqpublic ant pop his mail -- Sent through Global Message Exchange - http://www.gmx.net
Current thread:
- Network Security and Privacy JavaMan (Apr 19)
- Re: Network Security and Privacy B Potter (Apr 19)
- Re: Network Security and Privacy Cold Fire (Apr 20)
- pop3 spoon spoon (Apr 20)
- Re: pop3 Christopher P. Lindsey (Apr 21)
- Re: pop3 Jason Godsey (Apr 22)
- unsafe fgets() in sendmail's mail.local 3APA3A (Apr 24)
- Re: unsafe fgets() in sendmail's mail.local Claus Assmann (Apr 25)
- Re: pop3 Kris Kennaway (Apr 27)
- pop3 spoon spoon (Apr 20)
- Re: Network Security and Privacy dynamo (Apr 20)