The following issue has been RESOLVED. ====================================================================== http://www.dbmail.org/mantis/view.php?id=516 ====================================================================== Reported By: bjohnson Assigned To: aaron ====================================================================== Project: DBMail Issue ID: 516 Category: General Reproducibility: always Severity: minor Priority: normal Status: resolved target: Resolution: fixed Fixed in Version: 2.2.4 ====================================================================== Date Submitted: 01-Mar-07 08:21 CET Last Modified: 03-Mar-07 18:19 CET ====================================================================== Summary: permissions on log files are wrong or inconsistent Description: Reported as requested: http://permalink.gmane.org/gmane.mail.imap.dbmail.devel/8005
At the right debugging level / configuration settings, this leaves the log files open to be read by anyone, potentially exposing passwords. Or, at least ad some docs somewhere that the server will write logs with whatever umask that it is started with, so people know to set that first if they are concerned about the security of their accounts. Suggested fix: http://cvs.fedora.redhat.com/viewcvs/devel/dbmail/umask.patch?root=extras&rev=1.2&view=auto ====================================================================== ---------------------------------------------------------------------- aaron - 03-Mar-07 18:19 ---------------------------------------------------------------------- Patch accepted, thanks! Issue History Date Modified Username Field Change ====================================================================== 01-Mar-07 08:21 bjohnson New Issue 03-Mar-07 18:19 aaron Status new => resolved 03-Mar-07 18:19 aaron Fixed in Version => 2.2.4 03-Mar-07 18:19 aaron Resolution open => fixed 03-Mar-07 18:19 aaron Assigned To => aaron 03-Mar-07 18:19 aaron Note Added: 0001855 ====================================================================== _______________________________________________ Dbmail-dev mailing list [email protected] http://twister.fastxs.net/mailman/listinfo/dbmail-dev
