On Sun, Oct 05, 2003 at 10:42:15AM -0700, Mark Crispin wrote: > I have been informed that it is *not* safe to assume that localhost is a > secure pipe; and that localhost *can* be sniffed.
OUTCH! If there can be casese of leaking Information from 'localhost' to 'the outside', I'd have to change lots of little things here... Can you give me a hint? Or did you mean 'can be sniffed on the same host' which of course is possible and might be a problem, if users can run arbitrary programs in 'mailscripts' like postscript or other filters on the same host. I assumed in my reply, that the users hopefully may only access via apache, so nobody would be able to start anything unusual on the host itself. > I do not want imapd to be the center of attention of a security advisory > because of an ill-considered decision to exempt localhost from the > encryption rules. There are still still flames about imapd being > "insecure" because of problems that were fixed 5 years ago. OH, I see, what you mean, but nobody should blame 'misuse' or 'broken configs' to the 'program' (but to the 'installer'). That 'localhost'-problem would sound like flaming imap for a break in the kernel of the system? Stucki