I'm planning on rewriting it correctly. At the time I really hadn't considered the implications of how it worked, and the fact that it isn't really cross platform.I'll submit another with a more secure, cross platform diff, as soon as I am able against whatever is current in cvs at the time. Thanks! David ----- Original Message ----- From: "Raboo Treed" <[EMAIL PROTECTED]> To: "vpopmail list" <[EMAIL PROTECTED]> Sent: Thursday, November 06, 2003 6:25 PM Subject: Re: [vchkpw] skelA root compromise of the system isn't the only thing one has to worry about. I'd be pretty pissed if someone inserted something into my skel that resulted in all of my email being duplicated and sent to someone else. Using cp when you could just copy the files in C in a secure manner is just silly. Its also less efficient, as an added bonus.Exploitable just isn't safe enough. I've disagreed with Tom about the level of paranoia required (see the password/salt generation thread), but in this case he's absolutely right about requiring more than the current patch supplies.Who will be our saviour and take on the task to make the patch secure and worthy to be a part of vpopmail future releases ( P.S. sorry Nick if you've recived the message twice I pressed the wrong reply button at first )
I hate to bring old messages back up, but i would like such an option. Seeing as using it with spamassassin to auto add some standard settings would make a really good way to get users acustomed to spamassassin and how it can help them with their spam problem, also it would help out administrators.
About other people editing it, well just be smart about it, chmod the files correctly, and dont allow any user other than vpopmail/root to write/edit files in the directory.