On Friday 25 July 2003 00:26, Tom Collins wrote: > <http://sourceforge.net/projects/qmailadmin/> > > ******* Corrected security flaw introduced in 1.0.13 ******** > In QmailAdmin 1.0.13 through 1.0.24, it was possible for any > user to configure their account (on the "Modify User" screen) > to forward their email to any program on the server. > > Since the program would run as the vpopmail user, this was a > very bad thing. The 1.0.25 release corrects this problem, > but will remove existing program delivery lines (other than > autoresponder and spam command) from a user's .qmail file if > they click the "Modify User" button on the "Modify User" screen. > > This is a temporary fix; we plan to improve the code that > alters a user's .qmail file to allow existing program delivery > lines to remain unchanged.
How soon do you plan to fix this? I make heavy use of program delivery lines, so there is no way I can install this version in anything but a strict test environment. Thanks! -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net
