Date: Sun, 17 Nov 2002 16:25:38 +0300
From: Solar Designer <solar@...nwall.com>
To: popa3d-users@...ts.openwall.com
Subject: Re: Mailbox symlink

On Sun, Nov 17, 2002 at 03:20:58PM +0200, Gil Disatnik wrote:

Hi,

> I am using popa3d that comes with slack-current (0.5.1).
> 
> /var/spool/mail/<username> is in fact a symlink to $HOME/Maildir.

You mean, to $HOME/Mailbox?

Yes, that won't work.  The reason I've added safety checks to popa3d's
mailbox opens is to defeat certain attacks possible specifically when
mailboxes are in user-writable directories (that is, when popa3d is
built with support for $HOME/Mailbox).  One such attack would be
symlinking $HOME/Mailbox to /dev/zero.

You really need to rebuild popa3d with support for $HOME/Mailbox; this
is an option in params.h.

As you're currently using the Slackware package, you need to choose
one of:

1. Modify the Slackware package to build popa3d with this option.

2. Build popa3d manually, install under /usr/local (that's where "make
install" would place it by default) and use that instead of the binary
provided with Slackware.

-- 
/sd
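
The kind of safety check the message describes, as an added example that is not part of the original post and is not popa3d's own code: a mailbox open that refuses symlinks (such as one pointing at /dev/zero) and anything else that is not a plain regular file. The function name open_mailbox_checked is hypothetical, and O_NOFOLLOW is assumed to be available (POSIX.1-2008).

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not popa3d's code): open a mailbox that lives in a
 * user-writable directory. Returns a read-only fd, or -1 unless the path is
 * a regular file with exactly one link. */
int open_mailbox_checked(const char *path)
{
    struct stat before, after;
    int fd;

    /* lstat() inspects the link itself, so a symlink is rejected here. */
    if (lstat(path, &before) != 0 || !S_ISREG(before.st_mode))
        return -1;
    /* A second hard link could alias some other file the user cannot read. */
    if (before.st_nlink != 1)
        return -1;

    /* O_NOFOLLOW covers a swap to a symlink after lstat(); O_NONBLOCK keeps
     * open() from hanging if the name was swapped for a FIFO. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;

    /* Confirm the opened object is the one that was checked. */
    if (fstat(fd, &after) != 0 || !S_ISREG(after.st_mode) ||
        after.st_dev != before.st_dev || after.st_ino != before.st_ino ||
        after.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    int fd;
    if (argc != 2) { fprintf(stderr, "usage: %s mailbox\n", argv[0]); return 2; }
    fd = open_mailbox_checked(argv[1]);
    puts(fd >= 0 ? "accepted" : "rejected");
    if (fd >= 0) close(fd);
    return fd >= 0 ? 0 : 1;
}
```

A check of this shape is also why a /var/spool/mail/<username> symlink is refused: the path being opened is a link, not the mailbox file itself.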
