UW Imap patches

What are those?

While looking for a way to do this, I stumbled over Jauder Ho's work which told uwimap not to store mailboxes in users' homedirs, because when you select the efficient MBX format, you can't do so over NFS (and the homedirs he admined, just like mine, were mounted over NFS)

After looking at his patches, I kept his getrusage() patch, which logs lots of info about each imap session when it ends, and wrote my own patches to achieve the following:

• All the patches below combined (updated 2001/11/02)
• Verbose logs of connections (straight port from Jauder's patch)
• Hiding of . files so that list "" "%" doesn't show all the hidden files and dirs in your homedir when you use the subscribe option in netscape (initially by Jauder)
• Support for conditional MBX inbox and folders: this will have the uwimap daemon look for /var/spool/mbx/user/INBOX, and autoswitch the homedir location and the default folder type to MBX if that mailbox is found. This lets you transparently support both regular users with MBOX folders in their homedir, and users with faster MBX folders directly on the mail server
• Anti FS wandering patch (updated 2001/11/02): this patch is to ensure that if one of your users gets his/her password stolen, a cracker cannot use his account and the imap server to freely browse around your filesystem. I'm not ultra familiar with the uwimap code, so if you think I missed something, please let me know
  (Note that this patch will block access to folders that have ".." in their name, as it requires a lot of checks to allow that without allowing to go one step up in the directory hierachy
  Note too that if a user sets a symlink to / in their mail directory, all bets are off. The patch is not to prevent users from doing stupid things, but to prevent an attacker from abusing your casual's users mail access)

If you wonder about the anti-FS wandering patch.

4 select /etc/passwd
* 1 EXISTS
* * 1 RECENT
* * OK [UIDVALIDITY 998431567] UID validity status
* * OK [UIDNEXT 2] Predicted next UID
* * NO [UIDNOTSTICKY] Non-permanent unique identifiers: /etc/passwd
* * FLAGS (\Answered \Flagged \Deleted \Draft \Seen)
* * OK [PERMANENTFLAGS ()] Permanent flags
* * OK [UNSEEN 1] first unseen message in /etc/passwd
* 4 OK [READ-ONLY] SELECT completed
* 5 fetch 1 body[]
* * 1 FETCH (BODY[] {2507}
* Date: Tue, 21 Aug 2001 15:06:07 -0700
* From: root@servername
* Subject: /etc/passwd
* MIME-Version: 1.0
* Content-Type: TEXT/PLAIN; charset=US-ASCII

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
(...)
5 list "" "/home/%"
* LIST (\NoSelect) "/" /home/
* LIST (\NoSelect) "/" /home/user1
* LIST (\NoSelect) "/" /home/user2
(...)

2 select /etc/passwd
2 NO SELECT failed: Can't open mailbox /etc/passwd: no such mailbox
3 select /home/merlin/.profile
3 NO SELECT failed: Can't open mailbox /home/merlin/.profile: no such mailbox
4 list "../" "%"
4 NO LIST failed: Security: mailboxfile() blocked access to ../ by merlin
10 delete "/home/merlin/Sent"
10 NO DELETE failed: Can't delete mailbox /home/merlin/Sent: no such mailbox

All the patch files can also be found here

Feedback is appreciated

2001/10/31 (18:35): Version 1.0. Initial version
2001/11/01 (16:00): Version 1.1. Updated blcokfswandering patch
2001/11/05 (16:14): Version 1.2. Added two heads up about fswandering patch