summaryrefslogtreecommitdiff
path: root/packages/pine/pine-4.63/pine-4.40-lockfile-perm.patch
diff options
context:
space:
mode:
Diffstat (limited to 'packages/pine/pine-4.63/pine-4.40-lockfile-perm.patch')
-rw-r--r--packages/pine/pine-4.63/pine-4.40-lockfile-perm.patch22
1 files changed, 22 insertions, 0 deletions
diff --git a/packages/pine/pine-4.63/pine-4.40-lockfile-perm.patch b/packages/pine/pine-4.63/pine-4.40-lockfile-perm.patch
new file mode 100644
index 0000000000..f2cb434de2
--- /dev/null
+++ b/packages/pine/pine-4.63/pine-4.40-lockfile-perm.patch
@@ -0,0 +1,22 @@
+--- pine4.40/imap/src/osdep/unix/env_unix.h.lock_protection_fix Thu Oct 4 05:26:33 2001
++++ pine4.40/imap/src/osdep/unix/env_unix.h Thu Oct 4 05:30:33 2001
+@@ -46,12 +46,15 @@
+
+
+ /*
+- * Attention: all sorcerer's apprentices who think that 0666 is a mistake.
+- * You are wrong. Read the FAQ. Do not meddle in the affairs of wizards,
+- * for they are subtle and quick to anger.
++ * Attention: all people who do not care about OS security, and think that
++ * mode 0666 is a correct. You are wrong. In modern multiuser systems,
++ * both remote and local security is critically important. Allowing 0666
++ * lockfiles, allows all sorts of security problems to occur. Feel free to
++ * meddle with it however, if you do not care about local security.
+ */
+
+-#define MANDATORYLOCKPROT 0666 /* don't change this */
++/* Change this only if you do not want a secure multiuser system */
++#define MANDATORYLOCKPROT 0600
+
+ /* Function prototypes */
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-02 05:04:23 +0000