antispam address
dario underscore d underscore s AT unitech d0t com d0t
ar
The "read mail" module, allows you to attach a file even
when the user is set to be unable to attach server files
(sorry fot my english)
I were able to attach /etc/passwd and others files.
Setting tighter file permissions.
May be "chrooting" the user could avoid this. In this
particular system I manage, they are not allowed to
login, but they are not "chrooted".
Probably modifing the pl file. But I don't program in perl :-
)
Logged In: YES
user_id=129364
This is not really a bug, as normal Unix file permissions
still apply, so really critical files like /etc/shadow
cannot be used as a signature. Also, the feature for
attaching server-side files could be used in the same way ..