This seems to be intentional.

imap-2007/src/osdep/unix/env_unix.c:
/* Do not change shlock_mode.  Doing so can cause mailbox corruption and
 * denial of service.  It also defeats the entire purpose of the shared
 * lock mechanism.  The right way to avoid shared locks is to set up a
 * closed box (see the closedBox setting).
 */

                                /* shared lock mode */
static const int shlock_mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;

The files are used for locking. I haven't looked into this more, but I
would assume that, as a local user can lock or remove the lock, it can
cause a DoS of the server or cause mailbox corruption.

There also seems to be another problem here -- the file names are
predictable.

imap-2007/src/osdep/unix/env_unix.c:
                                /* make temporary lock file name */
  sprintf (lock,"%s/.%lx.%lx",closedBox ? "" : tmpdir,
           (unsigned long) sbuf->st_dev,(unsigned long) sbuf->st_ino);

-- 
Lubomir Kundrak (Red Hat Security Response Team)
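
Added example (not part of the original message and not c-client code): a defender-side check that rebuilds the lock path from the format string quoted above, using a bounded snprintf, and reports risky properties of the lock file for a given mailbox. The function names, the LOCK_* flags and the choice of checks are assumptions made for this illustration.

```c
/* Added example, not c-client code; names and LOCK_* flags are illustrative. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

#define LOCK_ABSENT        0x01  /* no lock file present right now */
#define LOCK_NOT_REGULAR   0x02  /* symlink, directory, FIFO, ... */
#define LOCK_WORLD_WRITE   0x04  /* S_IWOTH set, as shlock_mode requests */
#define LOCK_FOREIGN_OWNER 0x08  /* lock owner differs from mailbox owner */

/* Rebuild the path from the quoted format string (tmpdir case), bounded.
 * Returns 0 on success, -1 if the result would not fit in out. */
int lock_name(char *out, size_t len, const char *tmpdir, const struct stat *sb)
{
    int n = snprintf(out, len, "%s/.%lx.%lx", tmpdir,
                     (unsigned long) sb->st_dev, (unsigned long) sb->st_ino);
    return (n < 0 || (size_t) n >= len) ? -1 : 0;
}

/* Returns a mask of LOCK_* findings, or -1 if the mailbox cannot be
 * stat()ed or the path does not fit. path receives the lock file name. */
int audit_lock(const char *mailbox, const char *tmpdir, char *path, size_t len)
{
    struct stat mb, lk;
    int flags = 0;
    if (stat(mailbox, &mb) != 0 || lock_name(path, len, tmpdir, &mb) != 0)
        return -1;
    if (lstat(path, &lk) != 0)          /* lstat: do not follow a symlink */
        return LOCK_ABSENT;
    if (!S_ISREG(lk.st_mode))   flags |= LOCK_NOT_REGULAR;
    if (lk.st_mode & S_IWOTH)   flags |= LOCK_WORLD_WRITE;
    if (lk.st_uid != mb.st_uid) flags |= LOCK_FOREIGN_OWNER;
    return flags;
}

int main(int argc, char **argv)
{
    char path[1024]; int r;
    if (argc != 3) {
        fprintf(stderr, "usage: %s <mailbox> <tmpdir>\n", argv[0]);
        return 2;
    }
    if ((r = audit_lock(argv[1], argv[2], path, sizeof path)) < 0) {
        fprintf(stderr, "cannot stat mailbox or path too long\n");
        return 2;
    }
    printf("%s: findings 0x%02x\n", path, (unsigned) r);
    return (r & ~LOCK_ABSENT) ? 1 : 0;
}
```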



