Tom,
We actually build two versions of imap - the production version with a
shared library with restrictbox and also a set of statically linked
admin tools without restrictbox set. This allows us to perform admin
functions such as the ones you are describing and at the same time,
limits our customers' access when they access our systems.
Mark Crispin wrote:
Tom -
You aren't missing anything. restrictBox is implemented in a very
paranoid fashion, and almost certainly can be relaxed safely.
In designing the distribution rules for restrictBox, I didn't go by
"what is unsafe"; I went by "what might under some set of circumstances
(that I don't necessarily even know about) be unsafe." The whole idea
being that I don't have to deal with some security alert because
restrictBox failed to check for something. Arguably, I should go
further and prohibit "%" under restrictBox as well... ;-)
We don't use restrictBox here.
On Thu, 8 May 2008, Tom Leach wrote:
I need to ease the folder name restrictions
imposed by restrictBox in mailboxfile() but I have a couple of
questions. First off, I have restrictBox set to -1 so all flags are
set.
Does the restriction of "//" have any meaning if we're not using Samba
on a Linux system? I'm trying to see where that would be a path
security problem but I just don't see an issue unless it could be a
cifs one.
Second, we're moving from mbox to mix and an older (non-restrictBox
set) uw_imapd, and I have some people with .. in their folder names.
The restriction of ".." is preventing me from converting those boxes
(and the use of them by the owners) so I was thinking of changing
strstr (name,"..") to strstr (name,"/..") || strstr (name,"../") but I
wanted opinions on what cases I was missing. I've tried tossing in %2f
to see if that would be parsed as a / but so far, it's always been
literal (foo%2f..%2fbar instead of foo/../bar).
So, opinions on what I'm missing???
Thanks,
Tom Leach
[EMAIL PROTECTED]
_______________________________________________
Imap-uw mailing list
Imap-uw@u.washington.edu
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
-- Mark --
http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.
--
Bob Atkins
President/CEO
Business Inter-net-working
The Cure for the Common ISP!
Phone: (310) 577-9450
Fax: (310) 577-3360
eMail: [EMAIL PROTECTED]
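Added example (not part of the original thread and not UW IMAP code): the strstr (name,"..") check and the proposed strstr (name,"/..") || strstr (name,"../") replacement from the thread, next to a check that rejects only a whole path component equal to "..". The function names and the sample folder names are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The check quoted in the thread: any ".." anywhere in the name. */
static int reject_substring(const char *name)
{
    return strstr(name, "..") != NULL;
}

/* The relaxation proposed in the thread. */
static int reject_proposed(const char *name)
{
    return strstr(name, "/..") != NULL || strstr(name, "../") != NULL;
}

/* Hypothetical alternative: reject only when a whole '/'-delimited
 * component is exactly "..". */
static int reject_component(const char *name)
{
    const char *p = name;
    while (*p) {
        size_t len = strcspn(p, "/");   /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 1;
        p += len;
        if (*p == '/')
            p++;                        /* step over the separator */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample names, not taken from any real mail store. */
    static const char *names[] = {
        "notes..2008", "a/..b", "a../b", "a/../b", "a/..", ".."
    };
    size_t i;

    printf("%-14s %9s %9s %9s\n", "name", "substring", "proposed", "component");
    for (i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-14s %9d %9d %9d\n", names[i], reject_substring(names[i]),
               reject_proposed(names[i]), reject_component(names[i]));
    return 0;
}
```

In the output, the proposed check still rejects "a/..b" and "a../b", where no component is "..", and accepts a name that is exactly "..", which the component check rejects.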