The message is:
2004-03-08 07:29:12.094 Mail[435] Unhandled response to command CLOSE: * NO Mailbox vulnerable - directory /var/mail must have 1777 protection
/var/mail had these permissions at the time: drwxrwxr-t 7 root mail 238 8 Mar 07:25 mail
I changed them to: drwxrwxrwt 7 root mail 238 8 Mar 07:25 mail
and that did silence the complaint, but in what way is having _more_ restrictive permissions a vulnerability?
The vulnerability is that a lockfile can't be created, so that another process might munge the mailbox.
Here's the FAQ entry discussing this: <http://www.washington.edu/imap/IMAP-FAQs/index.html#7.10>
--
Sebastian Hagedorn PGP key ID: 0x4D105B45
http://www.spinfo.uni-koeln.de/~hgd/
