On Fri, 16 Feb 2007, Bron Gondwana wrote:

Looks innocent, doesn't it...

Mea culpa (and a definite "Argh, how did I miss _that_" when it was pointed out to me yesterday).

I would advise anyone who has been using replication for any length of time to undertake an audit of the files on their replicas to ensure that none of them have been replaced by this, because if you need to "fail over" you could present users with emails that are not their own. A simple size check will find almost all cases, compare what the imapd returns for rfc822.size with the size of the file on disk. If you want to get fancy - compute the sha1 or similar of the file at each end and compare that.

This incident underlines the need for automated sanity checks. People shouldn't just blindly trust the replication system.

I generate (and constantly regenerate) checksums for message bodies and cache entries. On four occasions this has picked up oddities which in hindsight were obviously this bug.

--
David Carter                             Email: [EMAIL PROTECTED]
University Computing Service,            Phone: (01223) 334502
New Museums Site, Pembroke Street,       Fax:   (01223) 334679
Cambridge UK. CB2 3QH.
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Reply via email to