Raboo Treed wrote:

well this patch was bad, cause it had some text-wrapping... I fixed that...
but still that patch doesn't work with the latest devel of vpopmail....
Does anyone have a working one with 5.3.29?

So if a "intruder" would get access as root or vpopmail user they wouldn't
use some vadduser binary to "insecure" your system...?? Or just maybe
someone would be able in some difficult way thru qmailadmin be able to
haxx0r your system just cause of the vadduser code is using system??

A root compromise of the system isn't the only thing one has to worry about. I'd be pretty pissed if someone inserted something into my skel that resulted in all of my email being duplicated and sent to someone else. Using cp when you could just copy the files in C in a secure manner is just silly. Its also less efficient, as an added bonus.

I think it's safe enough.. I don't know about this for sure, but for me it sounds pretty hard???


Exploitable just isn't safe enough. I've disagreed with Tom about the level of paranoia required (see the password/salt generation thread), but in this case he's absolutely right about requiring more than the current patch supplies.

Nick Harring
Webley Systems

Reply via email to