Fritz Whittington writes:
On or about 2004-07-27 17:36, Sam Varshavchik whipped out a trusty #2 pencil and scribbled:
I don't think you understand the situation. The POP3 server is running on the Linux box. And whether it's running as root or not has nothing to do with the security (or lack thereof) of the Mozilla that's running on the Windows box and fetching mail from the POP3 server. Nor does it matter what's in the email or which user's mbox it came from.Fritz Whittington writes:
*Mail read with Mozilla on a Windows machine from a POP3 server doesn't have root's privileges either!*
But your server process does. If your POP3 server has a known exploit, and you're running it as root, then it's game over.
I understand the situation very well. See above. If you don't understand what those two sentences mean, re-read them again until you do.
Attachment:
pgpCHQtJ3WGe4.pgp
Description: PGP signature