Ok it took loonger than I thought (What is this "work" thing people keep bothering me with?) but the fixed version has been uploaded and can be found at Incoming mirror sites such as ftp://llug.sep.bnl.gov/pub/debian/Incoming
Please let me know how it turns out. -- Jaldhar H. Vyas <[EMAIL PROTECTED]> On Mon, 27 Jul 1998, Jaldhar H. Vyas wrote: > Oh dear, I had a feeling something like this might happen. Unfortunately > because the critical security bug in imap had to be fixed with just hours > to go before the hamm deadline, I wasn't able to test as thouroughly as I > wanted to. I'm sorry. > > imapd has the wrong permissions. It should be 2755, root.mail. > According to debian policy (policy manual section 4.5) /var/spool/mail > should be 2775, mail.mail . This is what I've got on all my debian > systems and the funny thing is locking does seem to work. If for instance > I open MS outlook express to a folder and then open the same folder in > pine, outlook gives me an error about "Lost mailbox lock." as it should. > So I don't know if it is the problem or your non-standard permissions. > > I am compiling a fixed version of the package as we speak. I suggest you > try that and see if that works. (or you can just set the permissions of > imapd yourself.) If that doesn't work try changing your mailspool > permissions to the Debian standard. If that doesn't work either, I'll > investigate further. > > -- > Jaldhar H. Vyas <[EMAIL PROTECTED]> > > On Mon, 27 Jul 1998, Jean Pierre LeJacq wrote: > > > I recently upgraded to the new imap package (thanks for > > maintaining it Jaldhar!) and noticed a significant change in > > lockfile management. > > > > The imap daemon runs as the user/group of the person executing > > the daemon instead of the group "mail". This causes a problem > > since I currently have the spool directory ownership/permissions > > set to: > > > > drwxrwsr-t root mail /var/spool/mail > > > > My MUA (i.e. pine) warns that the mailbox is vulnerable since a > > lockfile is not created. What's strange is if I allow global > > writes, no lockfile actually written but the MUA is happy. > > > > What should be the ownership/permission of /var/spool/mail? Or > > should /usr/sbin/imapd be sgid mail? > > > > Thanks, > > > > -- > > Jean Pierre > > > > > -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
