87508 – option request for mail/imap-uw

Bug 87508 - option request for mail/imap-uw

Summary: option request for mail/imap-uw

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Anders Nordby

URL:
Keywords:

Depends on:
Blocks:

Reported:	2005-10-16 07:30 UTC by Stefan Norman
Modified:	2005-11-25 19:49 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Norman 2005-10-16 07:30:15 UTC

By default IMAP-UW will allow users to traverse the filesytem and access any file that 
they could access locally, including /etc/passwd etc. For providers giving out accounts for mail only this creates an unneccesary risk.
See http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1 for vendor description, it's simply insecurity by design.

Fix: 

Change line 47 in src/osdep/unix/env_unix.c from:
  static short restrictBox = NIL; /* is a restricted box */
to:
  static short restrictBox = -1;  /* is a restricted box */
How-To-Repeat: There are many methods to access this, here are two simple ones:

Using squirrelmail see http://www.securityfocus.com/bid/7952

Using scripts from http://www.security.nnov.ru/files/imaptools.tgz
imapget.c - to retrieve file via imap-uw, usage example:
imapget imap.host.name /etc/passwd > passwd
it should work for both text and binary files.

Comment 1 Volker Stolz freebsd_committer

2005-10-16 09:22:46 UTC

Responsible Changed
From-To: freebsd-ports-bugs->anders

Over to maintainer

Comment 2 Pav Lucistnik freebsd_committer

2005-11-25 19:48:18 UTC

State Changed
From-To: open->closed

Committed, thanks!