[Pan-users] Re: Connections [Is it hiding a security hole?]

pan-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Pan-users] Re: Connections [Is it hiding a security hole?]

From:	Duncan
Subject:	[Pan-users] Re: Connections [Is it hiding a security hole?]
Date:	Sun, 17 Aug 2008 02:41:33 +0000 (UTC)
User-agent:	Pan/0.133 (House of Butterflies)

"Timothy J. Hamilton" <address@hidden>
posted address@hidden, excerpted below, on  Sat,
16 Aug 2008 18:33:32 -0400:

> I tried editing servers.xml as root. No help. I changed permissions and
> ownership. Setting owner as  forbidden to write & setting ownership of
> the file to root.
> 
> On startup both times, Pan acted as if it were a new install.  Entries
> in the edited servers.xml were removed.
> 
> It would seem that somewhere Pan is not respecting *nix file ownership
> settings and permissions at least when it comes to servers.xml.

You've already two useful explanations of what's  happening there and why 
it's not the security hole you thought.  That it's the directory 
permissions in this case makes sense, once you know it, but it's still 
easy to forget, and I'm sure it has temporarily stymied even some old *ix 
hands at times, so don't be too hard on yourself.

But it's unclear whether you've yet resolved the original problem, 
servers.xml being rewritten.  I'm guessing what you failed to realize is 
that pan only loads the file at pan start, and rewrites the file when 
it's shutdown.  Naturally, therefore, if you edited the file (effectively 
behind pan's back) while pan was open, all your changes will be 
overwritten when it's closed since pan knew nothing of them.

What you must do, therefore, is remember to close pan before directly 
editing any of its files.  That way, when you restart it, it'll load the 
new data, and resave it when it's shutdown.  Always edit the files with 
pan shutdown and you'll find things work MUCH better! =8^)

(If you're reading the instructions for editing the pan files in pan, as 
I would since I follow this list as a newsgroup on gmane.org, that means 
either remembering them, or saving the post as-a-file elsewhere or 
perhaps forwarding it to your mail, and opening it in either your mail 
client or a text editor so you can follow the instructions with pan 
closed.)

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Pan-users] Re: Connections [Is it hiding a security hole?], Timothy J. Hamilton, 2008/08/16
- Re: [Pan-users] Re: Connections [Is it hiding a security hole?], David Shochat, 2008/08/16
  - Re: [Pan-users] Re: Connections [Is it hiding a security hole?], Timothy J. Hamilton, 2008/08/16
- Re: [Pan-users] Re: Connections [Is it hiding a security hole?], Per Hedeland, 2008/08/16
  - [Pan-users] Re: Connections [Is it hiding a security hole?], Duncan, 2008/08/16
    - Re: [Pan-users] Re: Connections [Is it hiding a security hole?], Per Hedeland, 2008/08/17
    - [Pan-users] Re: Connections [Is it hiding a security hole?], Duncan, 2008/08/17
    - Re: [Pan-users] Re: Connections [Is it hiding a security hole?], Per Hedeland, 2008/08/17
- [Pan-users] Re: Connections [Is it hiding a security hole?], Duncan <=
  - [Pan-users] Re: Connections [Is it hiding a security hole?], Greg Lee, 2008/08/16

Prev by Date: [Pan-users] Re: Connections [Is it hiding a security hole?]
Next by Date: [Pan-users] Re: Old Pan: Cannot see newsgroup 'read' items before March 11
Previous by thread: Re: [Pan-users] Re: Connections [Is it hiding a security hole?]
Next by thread: [Pan-users] Re: Connections [Is it hiding a security hole?]
Index(es):
- Date
- Thread