On Wed, Mar 23, 2005 at 09:23:09PM +0100, Matthias Klose wrote: > Wolfgang Kohnen writes: > > Package: mailscanner > > Version: 4.38.10-1 > > Severity: serious > > Justification: fhs > > > > Hello, > > > > with the default configuration, mailscanner uses /tmp as the directory > > holding pid and lock files. Since these dirs are world writeable, this > > is a security concern. It should use /var/run/mailscanner instead. I > > think this bug should be fixed downstream and be reported upstream as > > well. > > please elaborate, why you think that pid files are created in /tmp.
mailscanner-4.39.6/etc$ grep -r /tmp . ./MailScanner.conf:Lockfile Dir = /tmp Justin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
