From owner-freebsd-security  Fri Dec  4 09:35:56 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA28571
          for freebsd-security-outgoing; Fri, 4 Dec 1998 09:35:56 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from haldjas.folklore.ee (Haldjas.folklore.ee [193.40.6.121])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA28559
          for <security@FreeBSD.ORG>; Fri, 4 Dec 1998 09:35:47 -0800 (PST)
          (envelope-from narvi@haldjas.folklore.ee)
Received: from haldjas.folklore.ee (haldjas.folklore.ee [172.17.2.1] (may be forged))
          by haldjas.folklore.ee (8.8.8/8.8.4) with SMTP
	  id TAA14865; Fri, 4 Dec 1998 19:34:53 +0200 (EET)
Date: Fri, 4 Dec 1998 19:34:53 +0200 (EET)
From: Narvi <narvi@haldjas.folklore.ee>
To: Simon Josefsson <jas@pdc.kth.se>
cc: andrew@squiz.co.nz, FreeBSD Security <security@FreeBSD.ORG>
Subject: Re: IMAP (was Re: mail.local)
In-Reply-To: <iluk907g9k0.fsf@xiphias.pdc.kth.se>
Message-ID: <Pine.BSF.3.96.981204193358.21183A-100000@haldjas.folklore.ee>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On 4 Dec 1998, Simon Josefsson wrote:

> Andrew McNaughton <andrew@squiz.co.nz> writes:
> 
> > So, does anyone know an IMAP server which can be set up to limit which
> > areas of the file system are accessible, and preferably that can run of a
> > passwd file other than the system one?
> 
> Cyrus IMAPD for instance.  There is nothing in the IMAP protocol that
> says you have to export your file system to the world -- it's just a
> protocol for transfering messages (basicly).
> 
> If you configure your IMAP to export everything to the world it will,
> but you really can't blaim the design of IMAP or the IMAP RFC for
> that.
> 
> By default the Cyrus IMAPD store the article in /var/spool/imap (or
> similar), and there are user configurable ACL's in the protocol
> (similar to AFS ACL's) restricting access to the mailboxes.
> 
> The UWash server is designed to export the entire unix file system via
> IMAP, this is a design choice and if you don't like it, configure it
> not to or use another IMAP server.
> 
> /s
> 

Shouldn't the FreeBSD port "by-default" configure it in a secure way, that
is, the file system import disabled?

	Sander

	There is no love, no good, no happiness and no future -
	all these are just illusions.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message