[Dovecot] maildirfolder is created world-writeable

Robert S robert.spam.me.senseless at gmail.com
Wed Jan 21 11:06:51 EET 2009


If I create a new folder using a mail client (eg. kmail/OE), the
maildirfolder file is created world-writable.  I assume that this is a
security risk and should be -rw-------.

eg. - create folder "Foo" in mail client

 ~ $ ls -la .maildir/.Foo/
total 20
drwx------  5 robert users 4096 2009-01-21 19:56 .
drwx------ 43 robert users 4096 2009-01-21 19:56 ..
drwx------  2 robert users 4096 2009-01-21 19:56 cur
-rw-rw-rw-  1 robert users    0 2009-01-21 19:56 maildirfolder
drwx------  2 robert users 4096 2009-01-21 19:56 new
drwx------  2 robert users 4096 2009-01-21 19:56 tmp

Some info:

 # dovecot --version
1.1.7

# dovecot -n
# 1.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.27-gentoo-r7 x86_64 Gentoo Base System release 1.12.11.1
ssl_cert_file: /etc/ssl/dovecot/server.pem
ssl_key_file: /etc/ssl/dovecot/server.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
mail_location: maildir:~/.maildir
mail_plugins: deleted_to_trash
namespace:
  type: public
  separator: /
  prefix: Public/
  location: maildir:/var/local/mail/public/
  list: yes
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
auth default:
  passdb:
    driver: pam
    args: *
  userdb:
    driver: passwd

I can't find this is the bugs area.


More information about the dovecot mailing list