> The bug has already been reported: > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=103479 > Thanks! This is very useful! What do you think about the comment in the report page, especailly the 3rd paragraph: Additional Comment #3 From Mike A. Harris on 2004-02-27 04:58 ------- This warning message from UW imap is 100% bogus. Red Hat does not use the same locking mechanism that is recommended by the UW imap people, because it is inherently more insecure. All software on the system which accesses the mail spool files must agree upon a common locking mechanism, and must be patched if necessary to all use one single mechanism. Red Hat has been using the same mechanism in all OS releases for many years now, and we have patched UW imap, and UW pine to use our system-wide mechanism for some time now. UW suggests that the mail spool directory should be mode 1777, which is incredibly insane, as that makes the mail spool directory *world writeable*, and thus subject to local DOS attacks. That is totally unacceptable in a modern Linux/UNIX OS. The proper fix for this bug, is to patch the UW imap sources to remove this bogus warning/error message, because we do not use the insecure method that UW recommends for mail locking. Doing otherwise, would require patching every single MTA, MDA, and MUA in the entire distribution to do it the ensecure world-writeable way, and we decided a very long time ago that that was not acceptable.
