[Dovecot] SetUID check problem

Timo Sirainen tss at iki.fi
Tue Oct 27 19:12:11 EET 2009


On Tue, 2009-10-27 at 09:03 -0400, Thomas Berezansky wrote:
> But for whatever reason, when deliver is called by something that IS  
> SetUID root I get the following error:
> 
> /usr/local/libexec/dovecot/deliver must not be both world-executable  
> and setuid-root. This allows root exploits. See  
> http://wiki.dovecot.org/LDA#multipleuids

Fixed: http://hg.dovecot.org/dovecot-1.2/rev/ead94beba32a

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20091027/e6c56d36/attachment.bin 


More information about the dovecot mailing list