On Nov 20, 2009, at 9:06 AM, Frank Cusack wrote: > On November 19, 2009 7:45:05 PM -0500 Timo Sirainen <[email protected]> wrote: >> http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz >> http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz.sig >> >> This is mainly to fix the 0777 base_dir creation issue, which could be >> considered a security hole, exploitable by local users. An attacker >> could for example replace Dovecot's auth socket and log in as other >> users. Gaining root privileges isn't possible though. > > Isn't it possible to login as a master user?
"Master user" simply means ability to log in as another user with your own password. There's no way to log in as root.
