Red Hat Bugzilla – Bug 112468
Temporary files are world writeable
Last modified: 2007-04-18 13:00:45 EDT
# ls -al /tmp
drwxrwxrwt 3 root root 4096 Dec 20 04:20 .
drwxr-xr-x 20 root root 4096 Nov 14 05:09 ..
-rw-rw-rw- 1 andrewm andrewm 5 Dec 20 04:18 .303.401f
# cat .303.401f
18837# ps 18837
PID TTY STAT TIME COMMAND
18837 ? S 0:00 imapd
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Connect to server via IMAP
The umask for root and the user are both set to 077 in their .bashrc.
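The manual check in the report above (ls, cat, ps) can be automated as an audit of a shared temporary directory. This is an added example, not part of the original bug report and not UW imap code; the function names and the sample files built in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile

def _read_pid(path):
    """Return the PID stored in a small lock file, or None if it does not hold one."""
    try:
        # O_NOFOLLOW/O_NONBLOCK: do not follow a swapped-in symlink or block on a FIFO.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
        try:
            data = os.read(fd, 16)
        finally:
            os.close(fd)
    except OSError:
        return None
    text = data.decode("ascii", "ignore").strip()
    return int(text) if text.isdigit() else None

def audit_world_writable(directory):
    """List regular files in `directory` that any local user may write to."""
    findings = []
    with os.scandir(directory) as entries:
        for entry in entries:
            st = entry.stat(follow_symlinks=False)  # lstat semantics
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_IWOTH:
                continue
            findings.append({
                "name": entry.name,
                "uid": st.st_uid,
                "mode": stat.filemode(st.st_mode),
                "pid": _read_pid(entry.path),
            })
    return sorted(findings, key=lambda f: f["name"])

def demo():
    """Constructed sample: a 0666 PID file like the one in the report, beside a 0600 one."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode in ((".303.401f", 0o666), ("private.lock", 0o600)):
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write("18837")
            os.chmod(path, mode)  # explicit chmod is not filtered by the umask
        return audit_world_writable(tmp)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run against `/tmp` on a mail server, `audit_world_writable("/tmp")` returns one entry per world-writable regular file, with the owning uid and the PID it contains, if any.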
Yep, this security flaw is inherent in the design of UW imap,
and is covered in the UW imap FAQ. The UW people believe that
this isn't an issue at all, and they refuse to address it.
Fixing the problem essentially means forking the UW imap
codebase, and maintaining our own fork which is incompatible
with all other OS vendors. We have decided to replace UW imap
with alternative software in future OS releases instead, due
to the large number of security problems in the UW imap software,
and frequent security vulnerabilities.
*** This bug has been marked as a duplicate of 39685 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.