Date: Thu, 16 Jul 1998 20:01:19 +0300 (EEST) From: Adrian Penisoara <ady@warpnet.ro> To: patl@phoenix.volant.org Cc: Steve Price <sprice@hiwaay.net>, Matt Behrens <matt@megaweapon.zigg.com>, imap-uw@freebsd.ady.ro, FreeBSD ports <freebsd-ports@FreeBSD.ORG> Subject: Re: imap-uw security hole -- please update port Message-ID: <Pine.BSF.3.96.980716195521.3596A-100000@ady.warpnet.ro> In-Reply-To: <ML-3.3.900607823.4619.patl@asimov>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Thu, 16 Jul 1998 patl@phoenix.volant.org wrote: > You absolutely do NOT want to make the pine port depend on the imap-uw > port; nor do you want it to automatically install the IMAP and POP > servers that are packaged with it. Either choice would severely tick > off those of us who use any other IMAP/POP server package. (Also, > remember, the pine client may be built and installed on machines that > will never run a local IMAP or POP daemon.) Good point! > > Personally, I prefer the Cyrus IMAP server. Among other things, once > it has bound to the privileged IMAP port, it gives up root permission. > Aall deliveries are also run as a specific unprivileged user. This > drasticly reduces the severity of any potential security holes. Let's not start a IMAP war, OK ? I'll do whatever it takes to secure the port and after that I'll be glad to chat with you about this (I always wanted to give it shot to cyrus-imap, but it always happened that I couldn't build it for various reasons). > > > -Pat > PS: I'm fetching the latest imap-4.1.FINAL.tar.Z (timestamp Jul 13 01:46)... Thanks, Ady (@warpnet.ro) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980716195521.3596A-100000>