Bug 87508

Summary: option request for mail/imap-uw
Product: Ports & Packages
Reporter: Stefan Norman <stefan>
Component: Individual Port(s)
Assignee: Anders Nordby <anders>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Stefan Norman 2005-10-16 07:30:15 UTC
By default IMAP-UW will allow users to traverse the filesystem and access any file that they could access locally, including /etc/passwd etc. For providers giving out accounts for mail only, this creates an unnecessary risk.
See http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1 for the vendor description; it's simply insecurity by design.

Fix: 

Change line 47 in src/osdep/unix/env_unix.c from:
  static short restrictBox = NIL; /* is a restricted box */
to:
  static short restrictBox = -1;  /* is a restricted box */

How-To-Repeat: There are many methods to access this; here are two simple ones:

Using SquirrelMail, see http://www.securityfocus.com/bid/7952

Using scripts from http://www.security.nnov.ru/files/imaptools.tgz
imapget.c - to retrieve file via imap-uw, usage example:
imapget imap.host.name /etc/passwd > passwd
it should work for both text and binary files.
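
A simplified model of the kind of mailbox-name check that a restriction mask such as restrictBox governs, added here as an example; it is not UW IMAP's or the port's code. The flag names, bit values and rule set are assumptions for illustration, and the sample names are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical flag names and bit values for this sketch (assumptions). */
#define DENY_ROOT       0x1   /* refuse names that start at "/" */
#define DENY_OTHER_USER 0x2   /* refuse "~user" home-directory names */

/* Decide whether a client-supplied mailbox name may be opened.
 * restrict_mask == 0 models the unrestricted default; -1 sets every bit.
 * Returns 1 to allow, 0 to refuse. */
int mailbox_name_allowed(const char *name, int restrict_mask)
{
    if (name == NULL || *name == '\0')
        return 0;
    if (restrict_mask != 0) {
        /* Any restriction also bans sequences that climb out of the
         * user's own mail directory. */
        if (strstr(name, "..") || strstr(name, "//") || strstr(name, "/~"))
            return 0;
    }
    if (name[0] == '/' && (restrict_mask & DENY_ROOT))
        return 0;
    if (name[0] == '~' && (restrict_mask & DENY_OTHER_USER))
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample names, not taken from any real session. */
    const char *names[] = { "INBOX", "mail/lists", "/etc/passwd",
                            "~root/.profile", "mail/../../etc/passwd" };
    size_t i;

    printf("%-24s %-8s %s\n", "mailbox name", "mask=0", "mask=-1");
    for (i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-24s %-8s %s\n", names[i],
               mailbox_name_allowed(names[i], 0) ? "allow" : "refuse",
               mailbox_name_allowed(names[i], -1) ? "allow" : "refuse");
    return 0;
}
```

With the mask at 0 every sample name is allowed; with -1 only INBOX and the relative name under the user's own directory are.
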
Comment 1 Volker Stolz freebsd_committer freebsd_triage 2005-10-16 09:22:46 UTC
Responsible Changed
From-To: freebsd-ports-bugs->anders

Over to maintainer
Comment 2 Pav Lucistnik freebsd_committer freebsd_triage 2005-11-25 19:48:18 UTC
State Changed
From-To: open->closed

Committed, thanks!