From owner-freebsd-security Fri Apr 21 14:39:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 344DE37B89C; Fri, 21 Apr 2000 14:39:45 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id OAA42303; Fri, 21 Apr 2000 14:39:45 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Fri, 21 Apr 2000 14:39:44 -0700 (PDT) From: Kris Kennaway To: Otterley Cc: Cy Schubert - ITSD Open Systems Group , Robert Watson , "Michael S. Fischer" , security@FreeBSD.ORG Subject: Re: Fw: Re: imapd4r1 v12.264 (fwd) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 19 Apr 2000, Otterley wrote: > No! Please no! Unless you can offer a viable alternative (NOT Cyrus, > thank you very much), please do not remove it. I'd much prefer a patch. Given that two vulnerabilities have already been found, and the author has not seen fit to release a patch to address them, I don't think this is going to be forthcoming - there are probably going to be a lot of other bugs discovered here, if the past history of the imap-uw port is any indication. Basically, the bottom line is that imap-uw is not safe to use in an environment where you have users who you don't want to have shell access to your machine, but unfortunately there isn't much in the way of alternatives. Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message