On Fri, 21 Oct 2005, Thomas Wolff wrote:
* fetchmailconf now changes the output file to mode 0600 BEFORE writing to
so there is no window where passwords could be read by the world.
This doesn't sound quite right. The only safe way is to CREATE the
file in 600 mode right away. If you just CHANGE to 600 even before writing
to it, there IS an unsafe window.
Try the following:

    tail -f x

Then in another shell:

    chmod -r x
    echo bla >> x

"bla" will show up in the first window, read by "tail".
Right you are, and thanks for reporting the problem.
(Thanks also to Miloslav Trmac, who also reported the problem.)
Actually, the new script also sets the umask to 077 before opening the
file, so we're doing the right thing, only the NEWS file is off track.
I have uploaded a new version of a security announcement, now at
http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt and will ship it to
pertinent lists shortly.
I have also withdrawn fetchmailconf-1.43.1 and the corresponding patch
from distribution and uploaded fetchmailconf-1.43.2 for users of
Please, further discussion only on
Warning: reply-to is set - take care should you desire to mail me
directly - some mailers require you to manually pick "To Sender Only" or
Fetchmail-friends mailing list
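
Added example, not part of the original thread and not fetchmailconf's own code: the window described above, reproduced in Python (the language fetchmailconf is written in), next to the two ways of creating the file private from the start. The function names and the sample secret are made up for illustration.

```python
import os, stat, tempfile

def write_chmod_first(path, secret):
    """NEWS-entry pattern: create, chmod 0600, then write.
    Returns (mode at creation, data seen by a reader opened before chmod)."""
    old = os.umask(0o022)                  # common permissive umask
    try:
        out = open(path, "w")              # file now exists, world-readable
        created = stat.S_IMODE(os.stat(path).st_mode)
        reader = open(path)                # stands in for "tail -f x"
        os.chmod(path, 0o600)              # too late for descriptors already open
        out.write(secret)
        out.close()
        seen = reader.read()               # permissions are checked at open(), not read()
        reader.close()
        return created, seen
    finally:
        os.umask(old)

def write_under_umask_077(path, secret):
    """What the reply says the script does: umask 077 before opening.
    Only helps if the file is new; umask is process-wide (not thread-safe)."""
    old = os.umask(0o077)
    try:
        with open(path, "w") as out:
            created = stat.S_IMODE(os.fstat(out.fileno()).st_mode)
            out.write(secret)
        return created
    finally:
        os.umask(old)

def write_created_private(path, secret):
    """Mode passed to the creating call itself; O_EXCL refuses a
    pre-existing file, whose old (possibly wider) mode would be kept."""
    old = os.umask(0o022)                  # permissive on purpose: mode arg suffices
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        created = stat.S_IMODE(os.fstat(fd).st_mode)
        with os.fdopen(fd, "w") as out:
            out.write(secret)
        return created
    finally:
        os.umask(old)

if __name__ == "__main__":
    d = tempfile.mkdtemp()                 # constructed scratch directory
    print(write_chmod_first(os.path.join(d, "a"), "sample-secret\n"))
    print(oct(write_under_umask_077(os.path.join(d, "b"), "sample-secret\n")))
    print(oct(write_created_private(os.path.join(d, "c"), "sample-secret\n")))
```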