bug-mailutils

Re: imap4d LIST and DELETE


From: Alain Magloire
Subject: Re: imap4d LIST and DELETE
Date: Wed, 23 May 2001 13:33:49 -0400 (EDT)

> 
> > > 
> > >   a001 LIST ""  ../../../../../../../../../../etc/passwd
> <snip>
> > > will definitely fail (and a good thing a001 fails ain't it? :)
> > 
> > 8-)
> > Actually I think it should succeed iff exists /home/user/etc/passwd.
> > No? (Playing devil's advocate).
> 
> Sure it should. I just didn't think about a user having his own
> /etc/passwd :^)

8-)

> > 
> > A step in the right direction, how about to take it further.
> >  imap4d --namespace='~:/home/shared'
> > 
> > The hierarchy '~'(maps to homedirs) is allowed and the '/home/shared'
> > is also permitted.  Default is only '~'.
> > 
> > Take a look at:
> > http://www.imc.org/rfc2342
> > IMAP4 Namespace
> > 
> > To see, a plausible way of doing things.
> Great! I suppose it is worth implementing. I'll give it a try, if you
> don't mind.

Ok, but it will be tricky, meaning you will have to touch more internals
of the imap4d server than you actually expected 8-).  This functionality
affects all commands that take a mailbox pathname as argument, because
they will have to do a proper check to not let things like /etc/passwd
pass through:

LIST
LSUB (not really since it only lists the mailboxes you subscribe to, ~/.mailboxlist)
SUBSCRIBE
UNSUBSCRIBE
CREATE
DELETE
RENAME
STATUS
SELECT
EXAMINE
COPY
APPEND

See rfc2060.txt and errata rfc2060-errata.txt.

Luckily FETCH is not affected 8-).  But LIST can be tricky because
of its recursive nature when doing the awkward '*/%' IMAP4 matchings,
maybe you'll want to leave it for last 8-).

BTW don't you have write access on subversion.gnu.org?

I'll be busy breaking libmailbox, see other posts on the directions.
(should not affect the pop3d/imap3d etc ... in theory 8-).

-- 
au revoir, alain
----
No matter how high one is seated, one is still only ever sitting on one's own arse !!!
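
The check that every mailbox-taking command in the list above would need, as an added example that is not part of the original post or of the mailutils source. The names `normalize`, `under` and `mailbox_allowed`, the home directory `/home/user` and the calling convention are assumptions; the namespace roots follow the `--namespace='~:/home/shared'` proposal quoted in the message.

```c
#include <stdio.h>
#include <string.h>

/* Lexically resolve ".", ".." and "//"; -1 if it climbs above "/" or overflows. */
static int normalize(const char *path, char *out, size_t outsz)
{
    size_t len = 0;
    if (path[0] != '/' || outsz < 2) return -1;
    while (*path) {
        while (*path == '/') path++;
        size_t n = strcspn(path, "/");
        if (n == 0) break;
        if (n == 2 && path[0] == '.' && path[1] == '.') {
            if (len == 0) return -1;
            do { len--; } while (out[len] != '/');   /* pop one component */
        } else if (!(n == 1 && path[0] == '.')) {
            if (len + n + 2 > outsz) return -1;
            out[len++] = '/';
            memcpy(out + len, path, n);
            len += n;
        }
        path += n;
    }
    if (len == 0) out[len++] = '/';
    out[len] = '\0';
    return 0;
}
/* True if p equals root or lies below it (match must end on a '/' boundary). */
static int under(const char *p, const char *root)
{
    size_t n = strlen(root);
    return strncmp(p, root, n) == 0 && (p[n] == '/' || p[n] == '\0');
}
/* Hypothetical check: 1 if `name` resolves inside `home` ("~") or an extra
   namespace root (normalised, no trailing '/'). Lexical only: no symlinks. */
int mailbox_allowed(const char *name, const char *home,
                    const char *const *roots, size_t nroots)
{
    char raw[1024], norm[1024];
    int rel = name[0] != '/';              /* relative names live under home */
    if (name[0] == '~' && (name[1] == '/' || !name[1])) name++;
    int r = snprintf(raw, sizeof raw, "%s/%s", rel ? home : "", name);
    if (r < 0 || (size_t)r >= sizeof raw || normalize(raw, norm, sizeof norm))
        return 0;
    if (under(norm, home)) return 1;
    for (size_t i = 0; i < nroots; i++)
        if (under(norm, roots[i])) return 1;
    return 0;
}
```

A relative `etc/passwd` is accepted because it resolves to `/home/user/etc/passwd`, matching the point made earlier in the thread; LIST wildcards would still have to be matched against names that have each passed this check.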



