The following issue has been SUBMITTED. ====================================================================== http://www.dbmail.org/mantis/view.php?id=516 ====================================================================== Reported By: bjohnson Assigned To: ====================================================================== Project: DBMail Issue ID: 516 Category: General Reproducibility: always Severity: minor Priority: normal Status: new target: ====================================================================== Date Submitted: 01-Mar-07 08:21 CET Last Modified: 01-Mar-07 08:21 CET ====================================================================== Summary: permissions on log files are wrong or inconsistent Description: Reported as requested: http://permalink.gmane.org/gmane.mail.imap.dbmail.devel/8005
At the right debugging level / configuration settings, this leaves the log files open to be read by anyone, potentially exposing passwords. Or, at least ad some docs somewhere that the server will write logs with whatever umask that it is started with, so people know to set that first if they are concerned about the security of their accounts. Suggested fix: http://cvs.fedora.redhat.com/viewcvs/devel/dbmail/umask.patch?root=extras&rev=1.2&view=auto ====================================================================== Issue History Date Modified Username Field Change ====================================================================== 01-Mar-07 08:21 bjohnson New Issue ====================================================================== _______________________________________________ Dbmail-dev mailing list [email protected] http://twister.fastxs.net/mailman/listinfo/dbmail-dev
