On Wed, 2009-01-21 at 20:06 +1100, Robert S wrote: > If I create a new folder using a mail client (eg. kmail/OE), the > maildirfolder file is created world-writable. I assume that this is a > security risk and should be -rw-------.
Yes, it shouldn't be world-writable, fixed: http://hg.dovecot.org/dovecot-1.1/rev/22c279ca3bb4 Anyway there isn't really much danger with how it was previously, because: 1) The directory was created with 0700 permissions, so no-one could write to the file. 2) Even if someone was able to write to the file, the worst that could happen is that the owner's disk quota was reduced. The maildirfolder file is never read by Dovecot.
signature.asc
Description: This is a digitally signed message part
