Bug 109539 - "Mailbox vulnerable - directory /var/spool/mail must have 1777 protection"
"Mailbox vulnerable - directory /var/spool/mail must have 1777 protection"
Status: CLOSED DUPLICATE of bug 103479
Product: Fedora
Classification: Fedora
Component: imap (Show other bugs)
1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: John Dennis
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-11-09 00:24 EST by Jordan Russell
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-21 13:59:53 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jordan Russell 2003-11-09 00:24:04 EST
Description of problem:
When I retrieve mail using the POP3 server in fedora-1's new imap 
package, I get "Mailbox vulnerable" messages in /var/log/maillog:

Nov  8 23:11:54 host ipop3d[1172]: pop3 service init from 12.34.56.78
Nov  8 23:11:54 host ipop3d[1172]: Mailbox vulnerable - 
directory /var/spool/mail must have 1777 protection
Nov  8 23:11:54 host ipop3d[1172]: Login user=username host=
[12.34.56.78] nmsgs=0/0
Nov  8 23:11:54 host ipop3d[1172]: Mailbox vulnerable - 
directory /var/spool/mail must have 1777 protection
Nov  8 23:11:54 host ipop3d[1172]: Logout user=username host=
[12.34.56.78] nmsgs=0 ndele=0

Problem did not exist in Red Hat Linux 9.


Version-Release number of selected component (if applicable):
imap-2000d-3

How reproducible:
Always

Steps to Reproduce:
1. Install imap-2000d-3
2. Enable POP3 service by editing /etc/xinetd.d/ipop3, 
removing "disable=yes", and reloading xinetd
3. Send mail to a user on the system
4. Retrieve that mail using POP3
5. Check /var/log/maillog
  
Additional info:

My guess is that the directory doesn't really need 1777 permissions; 
imap may just be built with the wrong options. An old Red Hat Linux 
release from several years ago (6.0 maybe; I'm not sure) gave this 
same error, and it got fixed without changing the permissions on the 
directory.
Comment 1 Jordan Russell 2003-11-09 02:57:41 EST
Whoops, got the release number wrong. Should be:
imap-2002d-3
Comment 2 Mike A. Harris 2004-02-27 05:24:14 EST

*** This bug has been marked as a duplicate of 103479 ***
Comment 3 Red Hat Bugzilla 2006-02-21 13:59:53 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.