Justin Pryzby writes: > On Wed, Mar 23, 2005 at 09:23:09PM +0100, Matthias Klose wrote: > > Wolfgang Kohnen writes: > > > Package: mailscanner > > > Version: 4.38.10-1 > > > Severity: serious > > > Justification: fhs > > > > > > Hello, > > > > > > with the default configuration, mailscanner uses /tmp as the directory > > > holding pid and lock files. Since these dirs are world writeable, this > > > is a security concern. It should use /var/run/mailscanner instead. I > > > think this bug should be fixed downstream and be reported upstream as > > > well. > > > > please elaborate, why you think that pid files are created in /tmp. > > mailscanner-4.39.6/etc$ grep -r /tmp . > ./MailScanner.conf:Lockfile Dir = /tmp
please re-read my question. Thanks, Matthias -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
