On Nov 13, 2008, at 1:03 PM, Michal Hlavinka wrote:
Hi,

we're trying to solve CVE-2008-4870 = rhbz#436287 = dovecot.conf is world readable - possible password exposure.

This problem seems to be a little more complicated than we thought.

dovecot.conf can contain passphrase for ssl key, which is available for everyone since dovecot.conf has world readable permissions.

Maybe a new separate dovecot-secret.conf? When Dovecot starts up it first reads dovecot.conf and after that dovecot-secret.conf. deliver wouldn't read dovecot-secret.conf at all.

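A check for the exposure discussed in this thread, as an added example that is not part of the original messages or of Dovecot itself: it flags a config file only when it both holds an SSL key passphrase and is readable by "other". It assumes the passphrase is set through Dovecot's `ssl_key_password` setting; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit Dovecot-style config files for a world-readable
# SSL key passphrase (the condition described in CVE-2008-4870).

# Assumption: the passphrase lives in an uncommented ssl_key_password line.
# Extend this pattern if other secret-bearing settings are in use.
SECRET_RE='^[[:space:]]*ssl_key_password[[:space:]]*='

# Returns 0 if the "other" read bit is set on the file.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Returns 0 if the file contains an active (uncommented) secret setting.
has_secret() {
    grep -Eq "$SECRET_RE" "$1"
}

# audit_conf FILE
#   returns 0 = ok, 1 = secret in a world-readable file, 2 = file missing
audit_conf() {
    f=$1
    [ -f "$f" ] || { echo "MISSING $f"; return 2; }
    if has_secret "$f" && is_world_readable "$f"; then
        echo "EXPOSED $f: passphrase readable by all local users"
        return 1
    fi
    echo "OK      $f"
    return 0
}

# Audit every path given on the command line, for example:
#   sh audit.sh /etc/dovecot.conf /etc/dovecot-secret.conf
for f in "$@"; do
    audit_conf "$f" || :
done
```

With the split layout proposed above, a world-readable dovecot.conf without the passphrase and a mode 0600 dovecot-secret.conf holding it both pass this check.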