Bug#461075: uw-imapd: world-writable tmp files

2008-01-18 Thread Lubomir Kundrak
This seems to be intentional. imap-2007/src/osdep/unix/env_unix.c: 129 /* Do not change shlock_mode. Doing so can cause mailbox corruption and 130 * denial of service. It also defeats the entire purpose of the shared 131 * lock mechanism. The right way to avoid shared locks is to set up a

Bug#461075: uw-imapd: world-writable tmp files

2008-01-16 Thread Justin Pryzby
On Wed, Jan 16, 2008 at 03:32:16PM +0100, Jonas Smedegaard wrote: > On Wed, Jan 16, 2008 at 08:45:10AM -0500, Justin Pryzby wrote: > >Package: uw-imapd > >Version: 7:2007~dfsg-1 > >Tags: security > > > >$ ls -adl /tmp/.fd* > >-rw-rw-rw- 1 jpryzby jpryzby 5 2008-01-16 08:41 /tmp/.fd0c.500a3 > That

Bug#461075: uw-imapd: world-writable tmp files

2008-01-16 Thread Jonas Smedegaard
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Jan 16, 2008 at 08:45:10AM -0500, Justin Pryzby wrote: >Package: uw-imapd >Version: 7:2007~dfsg-1 >Tags: security > >$ ls -adl /tmp/.fd* >-rw-rw-rw- 1 jpryzby jpryzby 5 2008-01-16 08:41 /tmp/.fd0c.500a3 >-rw-rw-rw- 1 jpryzby jpryzby 5 2008-01-1

Bug#461075: uw-imapd: world-writable tmp files

2008-01-16 Thread Justin Pryzby
Package: uw-imapd Version: 7:2007~dfsg-1 Tags: security $ ls -adl /tmp/.fd* -rw-rw-rw- 1 jpryzby jpryzby 5 2008-01-16 08:41 /tmp/.fd0c.500a3 -rw-rw-rw- 1 jpryzby jpryzby 5 2008-01-16 08:41 /tmp/.fd0c.5c043 -rw-rw-rw- 1 jpryzby jpryzby 5 2008-01-16 08:42 /tmp/.fd18.c $ sudo lsof /tmp/.fd* COMMAND