|
From: | David Shochat |
Subject: | Re: [Pan-users] Re: Connections [Is it hiding a security hole?] |
Date: | Sat, 16 Aug 2008 19:50:29 -0400 |
User-agent: | Thunderbird 2.0.0.16 (X11/20080724) |
Timothy J. Hamilton wrote:
servers.xml is in .pan2. So as long as you have write access to .pan2 (which would normally be the case), pan could, if it wanted to, delete servers.xml, no matter what its ownership/permissions might be, and re-create it. I do not know that pan does this nor why it would want to; I'm just saying that nothing would prevent it from doing that. Deleting a file requires only write-access to the directory containing it.I tried editing servers.xml as root. No help. I changed permissions andownership. Setting owner as forbidden to write & setting ownership of the fileto root.On startup both times, Pan acted as if it were a new install. Entries in theedited servers.xml were removed.It would seem that somewhere Pan is not respecting *nix file ownership settingsand permissions at least when it comes to servers.xml.
-- David
[Prev in Thread] | Current Thread | [Next in Thread] |