On Fri, Jul 21, 2006, Paul J Stevens wrote: [...] > > fixed. thanks. > [...] > > A bug. I've fixed it in svn-trunk. I don't think anyone actually tried > using --without-PACKAGE before.
Thanks, I will give it a try. Another problem I encountered are the PID files, as they are created world-writeable. This is a possible security hole as might allow local users to kill arbitrary processes indirectly. Maybe other files beside PID files are affected as well. BTW, I know of a similar situation in the Exim source code (which has been fixed there), take a look at the ChangeLog file (-> modefopen) or src/exim.c (comment about modefopen()) of a recent Exim tarball (4.62 in my case). I currently worked around the situation by using a var/run/ directory dedicated to exclusive use by DBmail with limited permissions. Cheers, -cs
