[Dovecot] maildirfolder is created world-writeable
Robert S
robert.spam.me.senseless at gmail.com
Wed Jan 21 11:06:51 EET 2009
If I create a new folder using a mail client (eg. kmail/OE), the
maildirfolder file is created world-writable. I assume that this is a
security risk and should be -rw-------.
eg. - create folder "Foo" in mail client
~ $ ls -la .maildir/.Foo/
total 20
drwx------ 5 robert users 4096 2009-01-21 19:56 .
drwx------ 43 robert users 4096 2009-01-21 19:56 ..
drwx------ 2 robert users 4096 2009-01-21 19:56 cur
-rw-rw-rw- 1 robert users 0 2009-01-21 19:56 maildirfolder
drwx------ 2 robert users 4096 2009-01-21 19:56 new
drwx------ 2 robert users 4096 2009-01-21 19:56 tmp
Some info:
# dovecot --version
1.1.7
# dovecot -n
# 1.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.27-gentoo-r7 x86_64 Gentoo Base System release 1.12.11.1
ssl_cert_file: /etc/ssl/dovecot/server.pem
ssl_key_file: /etc/ssl/dovecot/server.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
mail_location: maildir:~/.maildir
mail_plugins: deleted_to_trash
namespace:
type: public
separator: /
prefix: Public/
location: maildir:/var/local/mail/public/
list: yes
namespace:
type: private
separator: /
inbox: yes
list: yes
subscriptions: yes
auth default:
passdb:
driver: pam
args: *
userdb:
driver: passwd
I can't find this is the bugs area.
More information about the dovecot
mailing list