RE: courier wants -lvpopmail

Tren Blackburn Mon, 10 Sep 2001 06:53:16 -0700
Hi Andrea;

I think that's a good suggestion.  Have the configure script check for
the permissions of ~vpopmail/lib/libvpopmail.a

 if [ ! -r ~vpopmail/lib/libvpopmail.a ]
 then
   echo "You have a secured version of VPOPMail.  Please read VPOPMail
FAQ #??"
   break
 else
   continue
 fi

But I think that's FAR preferable to changing the perms or having *JUST*
a FAQ item.  

Cheers,

Tren.

-----Original Message-----
From: Andrea Cerrito [mailto:[EMAIL PROTECTED]] 
Sent: Monday, September 10, 2001 8:11 AM
To: Ken Jones
Cc: [EMAIL PROTECTED]
Subject: R: courier wants -lvpopmail


 
-----BEGIN PGP SIGNED MESSAGE-----

> If we do 1) we won't get these couerier-imap questions, but security 
> won't be as tight. If we do 2) we will still get emails like this.
> 
> I thought changing the permissions on vpopmail/lib directory would 
> cause problems, that's why I was against it. But it seems security is 
> of higher concern.

Hi Ken,
I think security on frontend servers (backend too) is more important
that compile time ;) because:

- - if courier needs lvpopmail access just during compile time, doing a
chmod o+r before compile and removing it at the end, it isn't a very
hard work to do;
- - usually, you can compile apps on test machines and port them just
compiled, so I really don't see the needs to remove a tightened
security;
- - why not change courier configure? something like

Checking vpopmail... *** Warning! Found vpopmail 5.x: you have to
temporary change permissions on [vpopmail/lib] as root!!!

Anyway, this is IMHO. ;) 
- ---
Cordiali saluti / Best regards
Andrea Cerrito
^^^^^^^^^^^^^^
Net.Admin @ Centro MultiMediale di Terni S.p.A.
P.zzale Bosco 3A
05100 Terni IT
Tel. +39 0744 5441330
Fax. +39 0744 5441372

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQEVAwUBO5zKB/o9HK4+yTI3AQE9AAgAgo2gCzD8fJcIcaf65dlkxFk4u/72B2QU
pL6iqq++blMqo/qeDuJ2/fwLn1ttza3lReH+Hz5S2zha0xqX06MNo+tlJ9tYtmGy
y3GpVVs6mqLmf+QBDf1aU/wJBhO4iGi/P/WHLXmJpcUBc4Saw2dbxWay1OEBEHK3
ZnPfrVFCCQFqtbt+37YPvmZpsVQaSgDgFiTa/6L2zwzbyTb5G48JUi1J0KU6ngbd
uFLYMbbhT7iwpfR6icevCN+zb2qxdGLWNMneWGr6QSNab4ISgnuScnuEXx2wPJH8
ZjdCB4IfI/6y2cnsOFZ8UB/ixlx3qBIueYUmvu4a7CVHKwvqlWRgCQ==
=5whu
-----END PGP SIGNATURE-----
RE: courier wants -lvpopmail

Reply via email to
