Jesse Guardiani wrote:
On Friday 25 July 2003 00:26, Tom Collins wrote:

<http://sourceforge.net/projects/qmailadmin/>

******* Corrected security flaw introduced in 1.0.13 ********
In QmailAdmin 1.0.13 through 1.0.24, it was possible for any
user to configure their account (on the "Modify User" screen)
to forward their email to any program on the server.

Since the program would run as the vpopmail user, this was a
very bad thing.  The 1.0.25 release corrects this problem,
but will remove existing program delivery lines (other than
autoresponder and spam command) from a user's .qmail file if
they click the "Modify User" button on the "Modify User" screen.

This is a temporary fix; we plan to improve the code that
alters a user's .qmail file to allow existing program delivery
lines to remain unchanged.

How soon do you plan to fix this?

There won't be an official release before August 1st, since Tom is in charge of the sf.net account so we cannot release another version until he's back to do so.


However, we can start to code a patch that would work and test it before he gets back.

I make heavy use of program
delivery lines, so there is no way I can install this version in anything
but a strict test environment.

Out of curiosity (and to help understand your situation more), how do you create these custom program delivery lines? Via scripts to create new users?


And - what are the program delivery lines?

Jeff
--

  /\  /\              ..    ..    ..    [EMAIL PROTECTED]
 /  \/  \ a t r i x  .  .  .  .  .  .  .           (770) 794-7233
 s o f t w a r e  i n c  ..    ..    ..   http://www.matrixsi.com
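
An added example, not part of the original thread or of QmailAdmin's code: one way an administrator could review existing .qmail files for program delivery lines (lines beginning with `|`) other than the autoresponder and spam command mentioned in the announcement. The allowlisted paths and the sample file are assumptions constructed for illustration; line types follow dot-qmail(5).

```python
"""Audit .qmail content for program delivery lines outside an allowlist."""

# Assumption: install paths of the autoresponder and spam command on this
# host; replace with the commands your QmailAdmin build actually writes.
ALLOWED_PROGRAMS = {"/usr/local/bin/autorespond", "/usr/local/bin/maildrop"}
SHELL_META = set(";&|`$<>()\\")

def classify(line):
    """Map one .qmail line to its delivery type by its first character."""
    if not line.strip():
        return "blank"
    if line[0] == "#":
        return "comment"
    if line[0] == "|":
        return "program"
    if line[0] in "/.":
        return "maildir" if line.rstrip().endswith("/") else "mbox"
    return "forward"

def unexpected_programs(text, allowed=ALLOWED_PROGRAMS):
    """Return (line number, reason) for each program line needing review."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if classify(line) != "program":
            continue
        command = line[1:].strip()
        tokens = command.split()
        if not tokens or tokens[0] not in allowed:
            findings.append((number, "not allowlisted"))
        elif SHELL_META & set(command):
            # The command is run by a shell, so an allowlisted first word is
            # not enough if the rest of the line chains something else.
            findings.append((number, "shell metacharacter"))
    return findings

# Constructed sample .qmail for a virtual user (not from the thread).
SAMPLE = """\
# vacation reply plus local delivery
/home/vpopmail/domains/example.com/alice/Maildir/
&bob@example.org
|/usr/local/bin/autorespond 86400 3 /home/vpopmail/domains/example.com/alice/vacation/message /home/vpopmail/domains/example.com/alice/vacation
|/home/alice/bin/custom-filter
|/usr/local/bin/autorespond 1 1 /tmp/m /tmp ; /bin/true
"""

if __name__ == "__main__":
    for number, reason in unexpected_programs(SAMPLE):
        print(f"line {number}: {reason}")
```

Running the same function over each user's .qmail before upgrading also shows which custom delivery lines the 1.0.25 "Modify User" behaviour would remove.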



