[Dovecot] you got chocolate in my peanut butter?!

Timo Sirainen tss at iki.fi
Sun Oct 8 21:52:00 UTC 2006


On Fri, 2006-09-29 at 11:11 -0500, Logan Shaw wrote:
> [1]  Specifically, if getpwnam() returns a username that
>       doesn't match what it was called with, dovecot calls
>       i_fatal() whose output I assume will go to the log file.
>       Since (a) the wrong messages got downloaded, and (b)
>       I didn't see any "BROKEN NSS IMPLEMENTATION" message in
>       the log file, I assume the check isn't firing.

I haven't before heard that this check wouldn't have caught the problem,
but since I don't know what exactly the bug in nss_ldap is, I guess it's
possible that sometimes the username is correct but the rest of the data
(uid and home dir especially) isn't..

In any case, the only case when I've ever heard that user has had access
to another user's mailbox accidentally is with nss_ldap, so I'm pretty
sure that's the problem even if my check isn't working.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20061008/8d6b85d9/attachment.pgp 


More information about the dovecot mailing list