Package: postfix Version: 2.2.8-9 Severity: normal
When run as _any_ user, 'postqueue' allows them to see the contents of the queue with -p , and also to flush it with -f. The former is what I'd consider a user privacy violation, the latter seems to be putting administrative functions in the hands of ordinary users. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11.10rt Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Versions of packages postfix depends on: ii adduser 3.80 Add and remove users and groups ii debconf [debconf-2.0] 1.4.70 Debian configuration management sy ii dpkg 1.13.16 package maintenance system for Deb ii libc6 2.3.5-13 GNU C Library: Shared libraries an ii libdb4.3 4.3.29-4 Berkeley v4.3 Database Libraries [ ii libsasl2 2.1.19-1.9 Authentication abstraction library ii libssl0.9.8 0.9.8a-7 SSL shared libraries ii lsb-base 3.0-15 Linux Standard Base 3.0 init scrip ii netbase 4.24 Basic TCP/IP networking system Versions of packages postfix recommends: ii mailx [mail-read 1:8.1.2-0.20050715cvs-1 A simple mail user agent ii mutt [mail-reade 1.5.11+cvs20060126-1 text-based mailreader supporting M pn resolvconf <none> (no description available) -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
