[14641] in bugtraq
Re: pop3
daemon@ATHENA.MIT.EDU (Jason Godsey)
Mon Apr 24 14:41:38 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.4.21.0004220535220.68121-100000@mail.godsey.net>
Date: Sat, 22 Apr 2000 05:36:29 -0700
Reply-To: Jason Godsey <godsey@GODSEY.NET>
From: Jason Godsey <godsey@GODSEY.NET>
X-To: spoon spoon <sp00n@GMX.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <8782.956247808@www5.gmx.net>
I've had it use ~/.pop3.lock for quite some time (since 1995). I'm sure
this won't work for people who don't provide users w/ home directories,
but it has worked for us.
Jason
On Thu, 20 Apr 2000, spoon spoon wrote:
> Date: Thu, 20 Apr 2000 18:23:28 +0200
> From: spoon spoon <sp00n@GMX.DE>
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: pop3
>
> >I noticed the following behavior in the pop3 server as shipped with
> >Redhat 6.1 (still don't see
>
> Qualcomms POP servers have this problem as well, on linux, solaris, etc.
> Except the lock file gets stored where ever your users mail is stored.
> /var/mail(on a sun) or where ever. I guess a nice solution would be to have a
> subdirectory with mode 700 permissions under /var/mail/locks or something like
> that where only the popper can write to. Or just ignore the lock if the owner
> of the lock file is diffrent thant the userid of the person popping their
> mail.
>
>
>
> $ > .jqpublic.pop
> $ id
> uid=1001(testacct) gid=1(other)
> $ pwd
> /var/mail
> $ ls -la | more
> total 465698
> drwxrwxrwt 3 root mail 6656 Apr 20 12:03 .
> <cut>
> -rw-r--r-- 1 testacct other 0 Apr 20 12:03 .jqpublic.pop
> <cut>
>
> +OK QPOP (version: 2.53) on solaris
>
> jqpublic ant pop his mail
>
> --
> Sent through Global Message Exchange - http://www.gmx.net
>
