389889 – net-mail/uw-imap-2007e-r1: directory /var/spool/mail must have 1777 protection warning in log

Bug 389889 - net-mail/uw-imap-2007e-r1: directory /var/spool/mail must have 1777 protection warning in log

Summary: net-mail/uw-imap-2007e-r1: directory /var/spool/mail must have 1777 protectio...

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Net-Mail Packages

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-11-08 14:04 UTC by Marek Królikowski
Modified:	2011-11-09 06:58 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marek Królikowski 2011-11-08 14:04:54 UTC

Hello after fresh install uw-imap i got spam in maillog about directory /var/spool/mail must have 1777 protection  - i don`t think so this is good idea to give 1777 to /var/spool/mail ....


Reproducible: Always

Steps to Reproduce:
1. Install net-mail/uw-imap-2007e-r1
2. Enable POP3 service by editing /etc/xinetd.d/ipop3s, 
removing "disable=yes", and reloading xinetd
3. Send mail to a user on the system
4. Retrieve that mail using POP3
5. Check /var/log/maillog
Actual Results:  
directory /var/spool/mail must have 1777 protection

Expected Results:  
No warning

Comment 1 Eray Aslan gentoo-dev

2011-11-09 06:58:43 UTC

That is a bogus warning message.  UW suggests the mail spool to be 1777 which will make it vulnerable to local DoS attacks.  That is not an acceptable proposition.

We can patch the UW sources and remove the warning.  But the following alternatives are quicker/better:

* Just ignore it in your logs
* Configure your syslog program not to log this warning
* Create /etc/c-client.cf with the following 2 lines:
I accept the risk
set disable-lock-warning 1