[prev in list] [next in list] [prev in thread] [next in thread] 

List:       c-client
Subject:    re: restrictBox bug?
From:       Dave Halsema <halsema () purdue ! edu>
Date:       2003-01-31 3:26:32
[Download RAW message or body]

> Date: Fri, 10 Jan 2003 12:03:35 -0800 (PST)
> From: Mark Crispin <MRC@CAC.Washington.EDU>
> To: Dave Halsema <halsema@purdue.edu>
> Cc: c-client@u.washington.edu
> Subject: re: restrictBox bug?
>
> It is intentional that all names with ".." in them are prohibited under
> restrictBox conditions.  This restriction is, as you noted, a bit excessive
> for pure UNIX systems.  But this code, even in a UNIX-only port, does not only
> run on pure UNIX systems; there's Cygwin as a current example.  Your patch is
> safe on Cygwin, but will it always be?
>
> I've taken the position of "better to be safe than sorry."  It's easier to
> have (and explain) an absolute prohibition on ".." than to have an ever more
> complex determination of what is "safe" and what is "unsafe".
>
> Of course, you can always apply your patch for your site, and it's probably
> fine for you.  That's why I provide sources, and that is why env_unix.c is
> specifically identified as a source code module that people may want to patch
> (and why that routine is in that file).
>
> > I don't know how hard it would be to implement, but it might be
> > nice if mailbox names starting with the following were valid with
> > restrictBox enabled.
>
> That's already there, although it depends upon how you set restrictBox.  It
> won't work if you set RESTRICTOTHERUSER in restrictBox.
>
>

Mark,

Perhaps a bit late, but I just wanted to say thanks for taking the time
to share your thoughts behind the ".." prohibition when restrictBox
is enabled.

Before imap-2002, we had been applying our own patch to get this
feature.  After seeing how many people were negatively affected (very
low), we decided to work with the users to rename their mailboxes
and stick with the standard distribution, which makes it a bit easier
for us to maintain.

For those interested in numbers, we had 33 people out of 45,000+ with
36 mailboxes containing a sequence of two or more dots.  Of those,
many had the exact same mailbox name!

	Misc...

Thanks again.

    -Dave
[prev in list] [next in list] [prev in thread] [next in thread]