20 Nov
2009
20 Nov
'09
4:14 p.m.
On Nov 20, 2009, at 9:06 AM, Frank Cusack wrote:
On November 19, 2009 7:45:05 PM -0500 Timo Sirainen <tss@iki.fi> wrote:
http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz.sig
This is mainly to fix the 0777 base_dir creation issue, which could be considered a security hole, exploitable by local users. An attacker could for example replace Dovecot's auth socket and log in as other users. Gaining root privileges isn't possible though.
Isn't it possible to login as a master user?
"Master user" simply means ability to log in as another user with your own password. There's no way to log in as root.