I'm planning on rewriting it correctly. At the time I really hadn't considered the implications of how it worked, and the fact that it isn't really cross platform.
I'll submit another with a more secure, cross platform diff, as soon as I am able against whatever is current in cvs at the time. Thanks! David ----- Original Message ----- From: "Raboo Treed" <[EMAIL PROTECTED]> To: "vpopmail list" <[EMAIL PROTECTED]> Sent: Thursday, November 06, 2003 6:25 PM Subject: Re: [vchkpw] skel > > > A root compromise of the system isn't the only thing one has to worry > > about. I'd be pretty pissed if someone inserted something into my skel > > that resulted in all of my email being duplicated and sent to someone > > else. Using cp when you could just copy the files in C in a secure > > manner is just silly. Its also less efficient, as an added bonus. > > > Exploitable just isn't safe enough. I've disagreed with Tom about the > > level of paranoia required (see the password/salt generation thread), > > but in this case he's absolutely right about requiring more than the > > current patch supplies. > > Who will be our saviour and take on the task to make the patch secure and > worthy to be a part of vpopmail future releases > > ( P.S. sorry Nick if you've recived the message twice > I pressed the wrong reply button at first ) > >
