Well, you can either take Red Hat point of view or the University of Washington. You can leave the permissions the way they are, but you will have those messages in the log. If they don't bother you that's ok, but they bugged me. On one test box I also tried installing an older version of imap over the top and that solved the problem for me as well. I didn't have to change permission and there were no messages. Quoting Hongwei Li <hongwei@xxxxxxxxxxxxxxxxxx>: > > The bug has already been reported: > > > > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=103479 > > > > Thanks! This is very useful! What do you think about > the comment in the > report page, especailly the 3rd paragraph: > > Additional Comment #3 From Mike A. Harris on 2004-02-27 > 04:58 ------- > > This warning message from UW imap is 100% bogus. Red Hat > does not > use the same locking mechanism that is recommended by the > UW imap > people, because it is inherently more insecure. > > All software on the system which accesses the mail spool > files > must agree upon a common locking mechanism, and must be > patched > if necessary to all use one single mechanism. Red Hat > has been > using the same mechanism in all OS releases for many > years now, > and we have patched UW imap, and UW pine to use our > system-wide > mechanism for some time now. > > UW suggests that the mail spool directory should be mode > 1777, > which is incredibly insane, as that makes the mail spool > directory > *world writeable*, and thus subject to local DOS attacks. > That > is totally unacceptable in a modern Linux/UNIX OS. > > The proper fix for this bug, is to patch the UW imap > sources to > remove this bogus warning/error message, because we do > not use > the insecure method that UW recommends for mail locking. > Doing > otherwise, would require patching every single MTA, MDA, > and MUA > in the entire distribution to do it the ensecure > world-writeable > way, and we decided a very long time ago that that was > not acceptable. > > > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: > http://www.redhat.com/mailman/listinfo/fedora-list > ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
