Re: [vchkpw] skel

[Raboo]

hmm, not shure, but i think, download a copy of the CVS, make a copy of it, in one of the copies you edit the source, after that, you do diff -ruN edited-source... original-source... >>skel.patch¨     as i said, I think... i'm not realy "that" in to it ----- Original Message ----- From: David Winkler To: vpopmail list Sent: Tuesday, December 16, 2003 7:03 AM Subject: Re: [vchkpw] skel I have this done already actually. Tom sent me a link to some great copy code. I'm having some problems with the diff however, but I'll get it uploaded to the patch system on sourceforge as soon as I am able.   If someone could tell me the best way to do a diff against CVS I would be greatfull.   Thanks!   David ----- Original Message ----- From: X-Istence To: David Winkler Cc: vpopmail list Sent: Monday, December 15, 2003 5:50 PM Subject: Re: [vchkpw] skel David Winkler wrote: I'm planning on rewriting it correctly. At the time I really hadn't considered the implications of how it worked, and the fact that it isn't really cross platform. I'll submit another with a more secure, cross platform diff, as soon as I am able against whatever is current in cvs at the time. Thanks! David ----- Original Message ----- From: "Raboo Treed" <[EMAIL PROTECTED]> To: "vpopmail list" <[EMAIL PROTECTED]> Sent: Thursday, November 06, 2003 6:25 PM Subject: Re: [vchkpw] skel A root compromise of the system isn't the only thing one has to worry about. I'd be pretty pissed if someone inserted something into my skel that resulted in all of my email being duplicated and sent to someone else. Using cp when you could just copy the files in C in a secure manner is just silly. Its also less efficient, as an added bonus. Exploitable just isn't safe enough. I've disagreed with Tom about the level of paranoia required (see the password/salt generation thread), but in this case he's absolutely right about requiring more than the current patch supplies. Who will be our saviour and take on the task to make the patch secure and worthy to be a part of vpopmail future releases ( P.S. sorry Nick if you've recived the message twice I pressed the wrong reply button at first ) I hate to bring old messages back up, but i would like such an option. Seeing as using it with spamassassin to auto add some standard settings would make a really good way to get users acustomed to spamassassin and how it can help them with their spam problem, also it would help out administrators. About other people editing it, well just be smart about it, chmod the files correctly, and dont allow any user other than vpopmail/root to write/edit files in the directory. X-Istence