Bug 115903

Summary: ipop3d complains about /var/spool/mail permissions
Product: Red Hat Enterprise Linux 3 Reporter: Anil Gangolli <anil>
Component: imapAssignee: John Dennis <jdennis>
Status: CLOSED DUPLICATE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 19:01:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Anil Gangolli 2004-02-16 22:52:08 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET 
CLR 1.0.3705; .NET CLR 1.1.4322)

Description of problem:
See Bug 10678: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?
id=10678.  This looks like a regression.

I am seeing log messages of the form:

Feb 16 14:23:16 sycamore ipop3d[8976]: Mailbox vulnerable - 
directory /var/spool/mail must have 1777 protection

The /var/spool/mail directory has the permissions with which it was 
installed in ES 3.0 Update 1:

drwxrwxr-x    2 root     mail         4096 Feb 16 
14:21 /var/spool/mail

These permissions seem appropriate [See discussion in Bug 10678 as 
well], and the error messages should really be removed from ipop3d; 
if there is any way to disable them, please advise.  The pacakage is 
imap-2002d-2.rpm from the ES 3.0 Update 1 distribution.

I was not seeing these when running 7.2 (with all updates), which I 
was running until 2/15/04.

An additional nuisance is that these messages then trigger LogWatch 
alerts.


Version-Release number of selected component (if applicable):
imap-2002d-2

How reproducible:
Always

Steps to Reproduce:
1. Install RedHat ES 3.0 Update 1
2. Set up sendmail (default).
3. Enable ipop3 service in xinetd
4. Send some mail to an account
5. Connect from any pop3 client 
    

Actual Results:  Spurious vulnerability warnings, but no functional 
problems

Additional info:

This appears to be a regression of Bug 10678.
Comment 1 Mike A. Harris 2004-02-27 10:20:37 UTC 
Yep, it seems a patch must have gotten accidentally dropped
somewhere along the way that squelches that bogus error message.


*** This bug has been marked as a duplicate of 103479 ***
Comment 2 Red Hat Bugzilla 2006-02-21 19:01:20 UTC 
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.