> There was something a while ago on bugtraq about pinelock
> files and how they were mode 666. This program I wrote takes this idea
> and brings it a step further into an easy way to show why this is a
> problem. My program <pinelock.csh> allows you to log off a user or kill
> one of their processes IF they open up a second session of pine. It
> isn't terribly useful, except for annoying a user. However, if root opens
> up two sessions of pine, I can think of some interesting processes and
> daemons which might be killed. Copies of this program will be stored
> at http://kepler.poly.edu/~rharri01/. Click on files and
> then click on pinelock.csh. Have fun!
Not sure if this is the right thing to do, or if it will cause problems with
other parts of pine but there is a quick fix.
bash# diff env_unix.c~ env_unix.c
< static long lock_protection = 0666;
--- > static long lock_protection = 0600;
this file can be found in imap/c-client under the source tree of pine-3.96 and leaves the lock file mode 600: -rw------- 1 jbourne users 4 Dec 6 11:16 .2.21200505
IMHO opening/leaving any file on the file system mode 666 is a bad idea, esp if it's in a directory that has public write permissions.
Regards, James Bourne
> > -Iconoclast > email@example.com-- James Bourne | E-Mail: firstname.lastname@example.org System Administrator | WWW: http://www.island.net Island Internet Inc. | Linux - The choice of a GNU generation