bug-mailutils

Re: imap4d LIST and DELETE


From: Alain Magloire
Subject: Re: imap4d LIST and DELETE
Date: Wed, 23 May 2001 11:50:18 -0400 (EDT)

Hello

> > Ok, but it is a little tricky:
> >
> > 1- The implementation to "jail" file access to "/home/user/Mail"  for 
> > example:
> 
> Suppose we map '/' to '/home'. '~username' is then mapped to '/home/username'.
> Then
> 
>   a001 LIST ""  ../../../../../../../../../../etc/passwd
>   a002 LIST ""  ../../../../../../../../../../Mail/junk
>   a003 DELETE //../../../../../../home/user/Mail/junk
>   a004 LIST "" /home/user/Mail/junk
>   a005 LIST "" /home/user/junk
> 
> will definitely fail (and a good thing a001 fails ain't it? :)

8-)
Actually I think it should succeed iff /home/user/etc/passwd exists.
No? (Playing devil's advocate).

> 
>   a006 LIST "" ~user/Mail/junk
>   a007 LIST "" ~/Mail/junk
>   a008 LIST "" ~/junk
> 
> will all succeed. Furthermore:
> 
>   a009 LIST "" ../otheruser/Mail
>   a010 LIST "" ~otheruser/Mail
> 
> will also succeed, provided that /home/otheruser is readable for `user'.

You're making the assumption that all user homedirs are under the same
hierarchy (in this case "/home").  This is true in most cases but you
may find sites where you will have:
 ~user1 --> /home/user
 ~user2 --> /home2/user2
etc ..

I'd say a009 fails unless there is a /home/user/otheruser/Mail
and a010 succeeds.

> > 3- You may wish to provide shared mailboxes access, like
> >    ~bugzilla/Mail/PRs
> >   where users can access different PR's etc ...
> <snip>
> > 5- What about users with a second account:
> >
> >    a00 SELECT ~mysecond_account/Mail/sent
> 
> Again, under the same supposition 
> 
>   a011 LIST "/" *
> 
> will list the contents of /home. Thus ~bugzilla/Mail/PRs will work.
> The same for users with a second account.

Ok.

> 
> > 2- Using chroot () is probably not a good idea, because INBOX
> >   still could map to /var/mail/user.
> Agreed. But INBOX being the only exception from the mapping rule,
> it can be implemented without chroot(), I guess. 

Ok.

> > 4- point (3) does not go well with your idea of only listing
> >   the files owned by user.   Imap servers are use
> Yes, you are right. At this point I was way too restrictive. 
> 
> The exact mapping of '/' could be made configurable. For example:
> imap4d --home=/var/users.
> 
> What do you think about it?

A step in the right direction; how about taking it further?
 imap4d --namespace='~:/home/shared'

The hierarchy '~' (maps to homedirs) is allowed and the '/home/shared'
is also permitted.  Default is only '~'.

Take a look at:
http://www.imc.org/rfc2342
IMAP4 Namespace

To see a plausible way of doing things.


-- 
goodbye, alain
----
However high one may be seated, one is still only ever seated on one's own ass !!!
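
The namespace mapping discussed in this message, sketched as an added example (not part of the original post and not mailutils code): names resolve under the user's home (`~`) or one configured shared root, `..` is clamped at the namespace root as in the a001 reading above, and any other absolute name is refused. The user table, `resolve_mailbox` and its helpers are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: home directories need not share one parent. */
static const char *homes[][2] = {{"user", "/home/user"}, {"user2", "/home2/user2"}};
static const char *shared_root = "/home/shared"; /* second permitted namespace */
static const char *home_of(const char *name, size_t len) {
    for (size_t i = 0; i < sizeof homes / sizeof homes[0]; i++)
        if (strlen(homes[i][0]) == len && !strncmp(homes[i][0], name, len))
            return homes[i][1];
    return NULL; /* unknown user */
}

/* Append rel to out (which holds the root, `base` bytes long), clamping "..". */
static int append_clamped(char *out, size_t cap, size_t base, const char *rel) {
    while (*rel) {
        size_t n = strcspn(rel, "/"), len = strlen(out);
        if (n == 2 && !strncmp(rel, "..", 2)) {
            if (len > base) *strrchr(out, '/') = '\0'; /* pop, never above root */
        } else if (n > 0 && !(n == 1 && rel[0] == '.')) {
            if (len + n + 2 > cap) return -1; /* result would not fit */
            snprintf(out + len, cap - len, "/%.*s", (int)n, rel);
        }
        rel += n + (rel[n] == '/');
    }
    return 0;
}

/* Map a mailbox name to a path for authenticated `user`; -1 if not permitted. */
int resolve_mailbox(const char *user, const char *name, char *out, size_t cap) {
    size_t sl = strlen(shared_root);
    const char *rel = name, *root = name[0] == '/' ? NULL : home_of(user, strlen(user));
    if (name[0] == '~') { /* "~/x": own home; "~other/x": that user's home */
        size_t n = strcspn(name + 1, "/");
        if (n) root = home_of(name + 1, n);
        rel = name + 1 + n;
    } else if (!strncmp(name, shared_root, sl) && (name[sl] == '/' || !name[sl])) {
        root = shared_root;
        rel = name + sl;
    }
    if (!root || strlen(root) >= cap) return -1; /* outside every namespace */
    strcpy(out, root);
    return append_clamped(out, cap, strlen(root), rel);
}

int main(void) {
    char p[256];
    if (resolve_mailbox("user", "../../etc/passwd", p, sizeof p) == 0) puts(p);
    return 0;
}
```

The check is purely lexical: a symlink inside a permitted root can still point outside it, so a server would also have to verify the resolved path (for example with `realpath()`) before opening it.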



