List: imp
Subject: Re: [imp] BUG?
From: Steven Stern <sds-email-list () mindspring ! com>
Date: 2004-01-11 17:07:27
Message-ID: uk0300p1jhoer9lvhm6u7ptmcaebus1pdi () 4ax ! com
On Sun, 11 Jan 2004 17:38:38 +0100, Albert <albert@mentes.org> wrote:
>At 17:09 11/01/2004, you wrote:
>>On Sat, 10 Jan 2004 22:48:22 -0500, Chuck Hagenbuch <chuck@horde.org> wrote:
>>
>> >mailbox.php?mailbox=/etc/passwd
>>
>>Argh. That happens on my box, too, using the default Fedora IMAP server. How
>>should I lock it down to prevent it?
>
>Hello,
>If you use Apache, you can use mod_security:
>
>http://www.modsecurity.org/
>
>In the mod_security section in my httpd.conf I prevent it in this way:
>
>SecFilter mailbox=/ "redirect:https://webmail.host.org"
>
>P.S. You must make more filters to prevent path traversal, etc. ;)
>
>Regards,
>Albert
Wouldn't it make more sense to patch mailbox.php to prevent opening a mailbox
that's not on the folders list? I don't know PHP... anyone up to the task?
--
IMP mailing list
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: imp-unsubscribe@lists.horde.org
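
The two approaches discussed in this message, side by side, as an added example (not code from IMP, Horde, or anyone in the thread): a prefix denylist like the quoted `mailbox=/` filter, and the check proposed in the reply, which opens only mailboxes that appear on the user's folder list. Function names and the sample folder list are hypothetical.

```php
<?php
// Added illustration, not code from IMP or Horde. All function names are
// hypothetical; $folders stands in for the folder list the IMAP server
// returned for the logged-in user.

// Denylist equivalent of the quoted filter: refuse values starting with "/".
function denylist_allows($requested)
{
    return is_string($requested) && strpos($requested, '/') !== 0;
}

// Allowlist: return the mailbox to open, or null to refuse the request.
function resolve_mailbox($requested, array $folders)
{
    if (!is_string($requested) || $requested === '') {
        return null;                       // e.g. mailbox[]=x arrives as an array
    }
    if (strcasecmp($requested, 'INBOX') === 0) {
        return 'INBOX';                    // INBOX is case-insensitive in IMAP
    }
    // Strict, exact comparison: no normalisation, no prefix matching.
    return in_array($requested, $folders, true) ? $requested : null;
}

// Constructed sample data.
$folders  = array('INBOX', 'Sent', 'Drafts', 'lists/imp');
$requests = array('INBOX', 'lists/imp', 'Trash', '/etc/passwd', '../../etc/passwd');

foreach ($requests as $r) {
    $opened = resolve_mailbox($r, $folders);
    printf("%-18s denylist: %-7s allowlist: %s\n",
        $r,
        denylist_allows($r) ? 'pass' : 'blocked',
        $opened === null ? 'refused' : "open $opened");
}
```

The denylist passes every value that does not begin with `/`, including the relative path, so each new pattern needs another filter; the allowlist refuses anything the server did not list, whatever its shape.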