I'm planning on rewriting it correctly. At the time I really hadn't
considered the implications of how it worked, and the fact that
it isn't really cross platform.

I'll submit another with a more secure, cross platform diff, as soon
as I am able against whatever is current in cvs at the time.



----- Original Message ----- 
From: "Raboo Treed" <[EMAIL PROTECTED]>
To: "vpopmail list" <[EMAIL PROTECTED]>
Sent: Thursday, November 06, 2003 6:25 PM
Subject: Re: [vchkpw] skel

> > A root compromise of the system isn't the only thing one has to worry
> > about. I'd be pretty pissed if someone inserted something into my skel
> > that resulted in all of my email being duplicated and sent to someone
> > else. Using cp when you could just copy the files in C in a secure
> > manner is just silly. Its also less efficient, as an added bonus.
> > Exploitable just isn't safe enough. I've disagreed with Tom about the
> > level of paranoia required (see the password/salt generation thread),
> > but in this case he's absolutely right about requiring more than the
> > current patch supplies.
> Who will be our saviour and take on the task to make the patch secure and
> worthy to be a part of vpopmail future releases
> ( P.S. sorry Nick if you've recived the message twice 
> I pressed the wrong reply button at first )

Reply via email to