imap4d LIST and DELETE

bug-mailutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

imap4d LIST and DELETE

From:	Sergey Poznyakoff
Subject:	imap4d LIST and DELETE
Date:	Tue, 22 May 2001 13:55:11 +0300

Is it right that issuing command

  a002 LIST "/" *

a user can receive the *whole* directory hierarchy on the server? The
rfc2060 seems to be somehow misty about it, but it seems to be
a security compromise... Another security question: issuing

  a002 DELETE filename

deletes the `filename' even if it is not a valid maildrop. Is IMAP4
supposed to operate on any regular files or just on maildrops? Maybe
we would be better off restricting the critical operations (like DELETE)
to valid maildrops only?

Cheers,
Sergey

[Prev in Thread]

Current Thread

[Next in Thread]

imap4d LIST and DELETE, Sergey Poznyakoff <=
- Re: imap4d LIST and DELETE, Alain Magloire, 2001/05/22
- Re: imap4d LIST and DELETE, Sergey Poznyakoff, 2001/05/22
  - Re: imap4d LIST and DELETE, Alain Magloire, 2001/05/22
- Re: imap4d LIST and DELETE, Sergey Poznyakoff, 2001/05/23
  - Re: imap4d LIST and DELETE, Alain Magloire, 2001/05/23
    - Re: imap4d LIST and DELETE, Sergey Poznyakoff, 2001/05/23
    - Re: imap4d LIST and DELETE, Alain Magloire, 2001/05/23
- Re: imap4d LIST and DELETE, Sergey Poznyakoff, 2001/05/23
  - Re: imap4d LIST and DELETE, Alain Magloire, 2001/05/23
    - Re: imap4d LIST and DELETE, Sergey Poznyakoff, 2001/05/24

Prev by Date: Re: sys_siglist compatibility.
Next by Date: Re: imap4d LIST and DELETE
Previous by thread: bug in mbx_mboxscan.c
Next by thread: Re: imap4d LIST and DELETE
Index(es):
- Date
- Thread