In <[EMAIL PROTECTED]>, on 03/20/03
at 09:12 PM, Sam Varshavchik <[EMAIL PROTECTED]> said:
>Chris Berry writes:
>>>From: "Mitch \(WebCob\)" <[EMAIL PROTECTED]>
>>>My understanding was that sqwebmail used direct access through it's setuid
>>>access to read the Maildirs directly, thereby reducing server and localloop
>>>network load.
>>
>> Isnt' setuid usually a "bad thing" as it opens up all kinds of security
>> holes? (though from what I hear PHP isn't exactly real secure either)
>[EMAIL PROTECTED] httpd]# ls -l /bin/ping
>-rwsr-xr-x 1 root root 35302 Jun 23 2002 /bin/ping
>Quick -- get rid of 'ping'. It's a major security hole.
...in {pick-yer-favorite}-Linux?
I am not too concerned about it in recent *BSD releases.... <G>
Regards,
Bill Hacker
-------------------------------------------------------
This SF.net email is sponsored by: Tablet PC.
Does your code think in ink? You could win a Tablet PC.
Get a free Tablet PC hat just for playing. What are you waiting for?
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
