Re: POP3, lock files and procmail

From: Jem Berkes (jb_at_users.pc9.org)
Date: 07/13/03 

Date: Sun, 13 Jul 2003 20:40:47 GMT

>> As for the UW software, I'm not comfortable with the security record
>> of UW IMAP. And yes, I've seen the FAQ entry 5.2 ;)
>
> Two buffer overflow bugs in the IMAP server, many years ago (and many
> release versions ago), and that's supposed to extend to the POP3
> server (an entirely different program) and to everything else that
> I've ever written forever?

Whoa, I never said it applies to everything you've written. I would trust
your coding much more than my own. As for IMAP and POP3 daemons, I didn't
know who wrote what and whether there was underlying shared code.

> Are you seriously claiming that buffer overflow bugs never happen in
> Linux? Or that it is possible to install a Linux system
> out-of-the-box on the open Internet without having it promptly rooted?

Who brought up linux? Of course buffer overflows happen. Plenty software
has had vulnerabilities: kernel themselves, openssh, openssl, apache, etc.

I didn't mean to insult you, I'm just saying that my _perception_ was that
there is some security risk associated with the UW software. I didn't know
who developed what components and whether various components (pine, imap,
pop3) used underlying shared code. I am unfamiliar with the software.

Now I apologize. I've definitely had a biased opinion, from ignorance and
some assumptions I've made over the years. 

-- 
Jem Berkes
http://www.pc-tools.net/
Windows, Linux & UNIX software

Relevant Pages

  • Re: evolution - local imap store and downloading from a remote pop mailbox ?
    ... i use my linux pc and download my mails from my pop mailbox into a local message store. ... What i would like to do, is be able to convert my message store into a imap mailbox that i can both access from evolution on linux, and outlook express in windows. ... Set up a suitable imap server and make sure you can talk to it from your client. ... If the client you currently use understands both pop3 and imap then all you need to do is set up a new imap account on the client and copy all the messages across from the pop3 account. ...
    (comp.os.linux.networking)
  • Outlook using IMAP hangs
    ... I was using Outlook express as my client via IMAP over vmware to the ... If I go to the linux side, then find the imap process (it's the wu ... to kill the imap server on the linux side every 15 minutes or so is ...
    (microsoft.public.outlook)
  • Thunderbird / Courier IMAP error?
    ... my FreeBSD box is already running UW IMAP, ... IMAP server to run on a different port. ... I successfully connected and authenticated to my Courier IMAP ... IMAP command received by server." ...
    (comp.mail.imap)
  • Fw: Re: IMAP server and client recommendations?
    ... IMAP server and client recommendations? ... >client that stores its mail in mbox or maildir format. ...
    (freebsd-questions)
  • Re: Email server setup
    ... client in the world to automatically download your POP folder and ... But I like dovecot for my IMAP service, ... So you've run a mail server before? ... 64-bit linux. ...
    (comp.os.linux.setup)