Michael Mehrle wrote: >I just enabled logging and realized that the default >permissions for the logging directory are set to 666. >Now, since the pop3 logs contain passwords, I deem >this to be a major security hole. Anyone having a >guest account or having even acquired non-root access >to my system would be able to extract account >information in the clear. > > This is not a major security hole. As your /var/MailRoot directory should be chmod 700 and chown root your guest accounts and non-root accounts will not be able to even ls anything in or under /var/MailRoot. Go ahead and give it a try and you will see.
- To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
