Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Tue, 3 Jun 2003 12:01:49 +0400
From: Solar Designer <solar@...nwall.com>
To: popa3d-users@...ts.openwall.com
Subject: Re: root mail.

Hi,

On Tue, Jun 03, 2003 at 03:19:13PM +1000, Craig Hammond wrote:
> I'm figuring that you stop popa3d from serving roots mail for security
> reasons.
> The only reason I can think off is to stop stupid admins from sending
> the root password in cleartext over the internet.

That's not the only one.

If popa3d supported root logins, certain potential bugs in its code
could yield root access whereas now they can't.

It is generally a bad practice to do any work as root, unless it
requires root privileges.  Even on a disconnected machine with you
being the only user.  When you check your mail as root, it means
popa3d performs operations with excessive (root) privileges without
real need for that.

> It is possible to change it so I can retrieve roots mail. If so, how.

You need to create an alias which would deliver root's mail to a
non-root account.

-- 
/sd

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux