When doing a "default" install of qmail-ldap, every regular user on the
system can run the /var/qmail/bin/qmail-showctl command and
READ YOUR LDAP SERVER PASSWORD...

And it is not mentioned anywhere in the documentation, although there is
---
~control/ldappassword

 Password for the LDAP server connection
 Default: NULL
 Note: The password is in clear text. The file should be owned by root and
       mode (600) rw-------.
---
in http://www.nrg4u.com/qmail/QLDAPINSTALL

So I bet there could be plenty of administrators who have trusted the doc and
have qmail-showctl with 755 permissions.

I myself checked all the files over in the first place, paranoid as I am :)

__
Valmar.
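
A permission audit for the two files named in the message above, as an added example that is not part of the original post or of qmail-ldap. The function name `audit_qmail_ldap` and the `FINDING` labels are hypothetical; the default path `/var/qmail` and the 600/root requirement are taken from the message and the documentation it quotes.

```shell
#!/bin/sh
# Added example (not from the post): check control/ldappassword against the
# documented "owned by root, mode 600" rule and report whether
# bin/qmail-showctl can be executed by every local user.
# Returns 0 when nothing is reported, 1 otherwise.

audit_qmail_ldap() {
    home=${1:-/var/qmail}            # install prefix used in the post
    pw="$home/control/ldappassword"
    showctl="$home/bin/qmail-showctl"
    findings=0

    if [ -e "$pw" ]; then
        # ls -ldn: field 1 is the mode string, field 3 the numeric owner uid
        set -- $(ls -ldn "$pw")
        mode=$1
        uid=$3
        # Any group/other bit set means the file is wider than mode 600
        case $mode in
            -???------*) ;;
            *) echo "FINDING ldappassword-mode $mode (group/other access)"
               findings=$((findings + 1)) ;;
        esac
        if [ "$uid" != 0 ]; then
            echo "FINDING ldappassword-owner uid=$uid (expected 0, root)"
            findings=$((findings + 1))
        fi
    else
        echo "INFO $pw not present"
    fi

    if [ -e "$showctl" ]; then
        set -- $(ls -ldn "$showctl")
        mode=$1
        # Tenth character x (or t) is the execute bit for "other" users
        case $mode in
            -????????[xt]*)
                echo "FINDING showctl-world-exec $mode"
                findings=$((findings + 1)) ;;
        esac
    fi

    [ "$findings" -eq 0 ]
}
```

Run it as `audit_qmail_ldap /var/qmail` on the mail host; with no argument it uses that same path.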

