[Dovecot] Security issue #5: mail_extra_groups setting is often used insecurely

Karsten Bräckelmann guenther at rudersport.de
Wed Mar 5 00:46:44 EET 2008


On Tue, 2008-03-04 at 23:41 +0100, Karsten Bräckelmann wrote:
> On Wed, 2008-03-05 at 00:29 +0200, Timo Sirainen wrote:

> > Oh, this is actually harmless. You can get rid of it (and improve the
> > performance) by setting dotlock_use_excl=yes.
> > 
> > But maybe I should release v1.0.12 anyway with that error message
> > silenced..
> 
> You mean seeing that error message only is actually not an error,
> because the next locking method just works?
> 
> In that case, great -- I'll go change dotlock_use_excl, revert the scary
> option (b) of chmod world-writable, and see how it works out. Not using
> NFS anyway.

Seems it did the trick, judging by some quick tests. :)

  guenther


-- 
char *t="\10pse\0r\0dtu\0. at ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



More information about the dovecot mailing list