[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: imap4d LIST and DELETE
From: |
Alain Magloire |
Subject: |
Re: imap4d LIST and DELETE |
Date: |
Wed, 23 May 2001 13:33:49 -0400 (EDT) |
>
> > >
> > > a001 LIST "" ../../../../../../../../../../etc/passwd
> <snip>
> > > will definitely fail (and a good thing a001 fails ain't it? :)
> >
> > 8-)
> > Actually I think it should succeed iff exists /home/user/etc/passwd.
> > No? (Playing devils advocate).
>
> Sure it should. I just didn't think about a user having his own
> /etc/passwd :^)
8-)
> >
> > A step in the right direction, how about to take it further.
> > imap4d --namespace='~:/home/shared'
> >
> > The hierarchy '~'(maps to homedirs) is allowed and the '/home/shared'
> > is also permitted. Default is only '~'.
> >
> > Take a look at:
> > http://www.imc.org/rfc2342
> > IMAP4 Namespace
> >
> > To see, a plausible way of doing things.
> Great! I suppose it is worth implementing. I'll give it a try, if you
> don't mind.
Ok, but it will be tricky, meaning you will have to touch more internals
of the imap4d server then you will actually expected 8-). This functionnality
affects all command that takes a mailbox pathname as argument, because
they will have to do a proper check to no let things like /etc/passwd
pass thru :
LIST
LSUB (not really since it only list the mailbox you subscribe ~/.mailboxlist)
SUBSCRIBE
UNSUBSCRIBE
CREATE
DELETE
RENAME
STATUS
SELECT
EXAMINE
COPY
APPEND
See rfc2060.txt and errata rfc2060-errata.txt.
Luckily FETCH is not affected 8-). But LIST can be tricky because
of its recursive nature when doing the awckward '*/%' IMAP4 matchings,
maybe you'll want to leave last 8-).
BTW don't you have write access on subversion.gnu.org?
I'll be busy breaking libmailbox see other posts on the directions.
(should not affect the pop3d/imap3d etc ... in theorie 8-).
--
au revoir, alain
----
Aussi haut que l'on soit assis, on n'est toujours assis que sur son cul !!!
Re: imap4d LIST and DELETE, Sergey Poznyakoff, 2001/05/25