> A root compromise of the system isn't the only thing one has to worry > about. I'd be pretty pissed if someone inserted something into my skel > that resulted in all of my email being duplicated and sent to someone > else. Using cp when you could just copy the files in C in a secure > manner is just silly. Its also less efficient, as an added bonus.
> Exploitable just isn't safe enough. I've disagreed with Tom about the > level of paranoia required (see the password/salt generation thread), > but in this case he's absolutely right about requiring more than the > current patch supplies. Who will be our saviour and take on the task to make the patch secure and worthy to be a part of vpopmail future releases ( P.S. sorry Nick if you've recived the message twice I pressed the wrong reply button at first )