On Tue, Mar 08, 2005 at 07:08:55PM -0500, Sam Varshavchik wrote......
> Kevin Coyner writes:
>
> > > chmod 755 /var/run/courier
> >
> >Indeed, I checked an old email server that has been running
> >courier/sqwebmail for a long while now, and its permissions were 755,
> >not 770 as in the default build.
> >
> >FYI there is a bug filed already in the Debian BTS for this.
>
> If /var/run/courier is where authdaemon creates its socket, then this
> is the wrong fix. It opens up a security hole. The correct fix is to
> fix the permissions on the sqwebmail binary, so that it is setuid
> root.

I can't say for other installations, but in the Debian .deb package that
I installed there is a sub-directory authdaemon that is 770.

~# cd /var/run/courier/
~# ls -l
drwxrwx---  2 daemon daemon 4.0K Oct 24 20:24 authdaemon/

The processes that run in /var/run/courier are:

drwxrwx---  2 daemon daemon 4.0K Oct 24 20:24 authdaemon/
-rw-r--r--  1 daemon daemon    6 Oct 24 20:24 imapd.pid
-rw-------  1 daemon daemon    0 May 14  2004 imapd.pid.lock
-rw-r--r--  1 daemon daemon    6 Oct 24 20:24 pop3d.pid
-rw-------  1 daemon daemon    0 May 14  2004 pop3d.pid.lock
srwxrwxrwx  1 root   root      0 Oct 24 20:24 sqwebmail.sock=
-rw-r--r--  1 root   root      6 Oct 24 20:24 sqwebmaild.pid
-rw-------  1 root   root      0 Sep  2  2004 sqwebmaild.pid.lock
-rw-------  1 root   root      0 Oct 14 09:09 sqwebmaild.pid.pcp.lock

Kevin

--
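The permission question debated in this message, modelled as an added example (not code from the thread or from Courier): it parses two lines of the quoted listing and applies the Unix owner/group/other check to see which sockets an unprivileged user could connect to when /var/run/courier is 770 versus 755. Assumptions: the parent directory is owned by daemon:daemon, the unprivileged user is called www-data, and the authdaemon socket is named "socket" and is world-writable (worst case).

```python
# Two lines of the `ls -l` output quoted in the message above.
LISTING = """\
drwxrwx--- 2 daemon daemon 4.0K Oct 24 20:24 authdaemon/
srwxrwxrwx 1 root root 0 Oct 24 20:24 sqwebmail.sock=
"""

def parse_ls(line):
    """Return (name, (mode_bits, owner, group)) for one `ls -l` line."""
    f = line.split()
    bits = 0
    for i, ch in enumerate(f[0][1:10]):   # plain rwx only; s/t flags not handled
        if ch != "-":
            bits |= 1 << (8 - i)
    return f[-1].rstrip("/="), (bits, f[2], f[3])

ENTRIES = dict(parse_ls(l) for l in LISTING.splitlines())

def allowed(entry, want, user, groups):
    """Unix class check: owner bits, else group bits, else other bits."""
    mode, owner, group = entry
    if user == "root":
        return True
    shift = 6 if user == owner else 3 if group in groups else 0
    return ((mode >> shift) & want) == want

def can_connect(dirs, sock, user, groups):
    """connect() needs search (x=1) on each directory and write (w=2) on the socket."""
    return all(allowed(d, 1, user, groups) for d in dirs) and allowed(sock, 2, user, groups)

def report(parent_mode, user="www-data", groups=("www-data",)):
    # Assumed, not from the listing: parent owner daemon:daemon, the user name,
    # and a world-writable authdaemon socket called "socket".
    parent = (parent_mode, "daemon", "daemon")
    auth_sock = (0o777, "daemon", "daemon")
    return {
        "sqwebmail.sock": can_connect([parent], ENTRIES["sqwebmail.sock"], user, groups),
        "authdaemon/socket": can_connect([parent, ENTRIES["authdaemon"]], auth_sock, user, groups),
    }

if __name__ == "__main__":
    for mode in (0o770, 0o755):
        print(oct(mode), report(mode))
```

Under these assumptions the 770 subdirectory, not the parent's mode, is what keeps the authdaemon socket out of reach of other users; the result changes if the socket is created directly in /var/run/courier.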
