Bug#461075: uw-imapd: world-writable tmp files

This seems to be intentional. imap-2007/src/osdep/unix/env_unix.c: 129 /* Do not change shlock_mode. Doing so can cause mailbox corruption and 130 * denial of service. It also defeats the entire purpose of the shared 131 * lock mechanism. The right way to avoid shared locks is to set up a

Bug#461075: uw-imapd: world-writable tmp files

Package: uw-imapd Version: 7:2007~dfsg-1 Tags: security $ ls -adl /tmp/.fd* -rw-rw-rw- 1 jpryzby jpryzby 5 2008-01-16 08:41 /tmp/.fd0c.500a3 -rw-rw-rw- 1 jpryzby jpryzby 5 2008-01-16 08:41 /tmp/.fd0c.5c043 -rw-rw-rw- 1 jpryzby jpryzby 5 2008-01-16 08:42 /tmp/.fd18.c $ sudo lsof /tmp/.fd* COMMAND

Bug#461075: uw-imapd: world-writable tmp files

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Jan 16, 2008 at 08:45:10AM -0500, Justin Pryzby wrote: Package: uw-imapd Version: 7:2007~dfsg-1 Tags: security $ ls -adl /tmp/.fd* -rw-rw-rw- 1 jpryzby jpryzby 5 2008-01-16 08:41 /tmp/.fd0c.500a3 -rw-rw-rw- 1 jpryzby jpryzby 5 2008-01-16

Bug#461075: uw-imapd: world-writable tmp files

On Wed, Jan 16, 2008 at 03:32:16PM +0100, Jonas Smedegaard wrote: On Wed, Jan 16, 2008 at 08:45:10AM -0500, Justin Pryzby wrote: Package: uw-imapd Version: 7:2007~dfsg-1 Tags: security $ ls -adl /tmp/.fd* -rw-rw-rw- 1 jpryzby jpryzby 5 2008-01-16 08:41 /tmp/.fd0c.500a3 That sure doesn't