[imp] Security problem
Christopher Crowley
ccrowley@tulane.edu
Fri, 7 Sep 2001 15:42:25 -0500
> My users in the classroom can read another mail from another users,
> i read the FAQ mailing lists about this problem, in the message
I received one report of this problem this morning. A user signed on, and
had access to another user's email inbox.
How can I tell in the MySQL active_sessions table who owns what? I did a
select * from active_sessions limit 1;
and what came back was totally indecipherable to me.
I am running:
IMP 2.2.6
Solaris 8
MySQL Ver 9.38 Distrib 3.22.32, for sun-solaris2.6 (sparc)
PHP 4.0.3pl1
As always, with gratitude,
Chris
>From chuck@horde.org Date: Fri, 7 Sep 2001 17:01:41 -0400
Date: Fri, 7 Sep 2001 17:01:41 -0400
From: Chuck Hagenbuch <chuck@horde.org>
To: imp@lists.horde.org
Subject: Re: [imp] Sessions problem
Quoting Rachid Chalabi <r.chalabi@umist.ac.uk>:
> The latest version of CVS (Yesterday) and all the versions prior to it (2.3.7)
> seem to be able to remember the preferences of a user who mistypes his/her
> password.
I just fixed this in CVS - thanks for the report!
-chuck
--
Charles Hagenbuch, <chuck@horde.org>
Some fallen angels have their good reasons.
>From r.chalabi@umist.ac.uk Date: Fri, 7 Sep 2001 22:30:50 +0100
Date: Fri, 7 Sep 2001 22:30:50 +0100
From: Rachid Chalabi <r.chalabi@umist.ac.uk>
To: imp@lists.horde.org
Subject: Re: [imp] Sessions problem
I am very grateful for the speed and quality of the response. On another note,
how difficult is it to implement multiple message actions such as bounce and
forward (a la pine)? I would then be a happy camper and so would my users. BTW,
there is another bug in that the expand of aliases fails when an address in the
is empty (e.g.
Warning: Undefined offset: 1
in /home/webmailman/htdocs/newhorde/imp/compose.php on line 223
in compose.php 2.347).
Rachid
Quoting Chuck Hagenbuch <chuck@horde.org>:
> Quoting Rachid Chalabi <r.chalabi@umist.ac.uk>:
>
> > The latest version of CVS (Yesterday) and all the versions prior to it (2.3.7)
> > seem to be able to remember the preferences of a user who mistypes his/her
> > password.
>
> I just fixed this in CVS - thanks for the report!
>
> -chuck
>
> --
> Charles Hagenbuch, <chuck@horde.org>
> Some fallen angels have their good reasons.
>From chuck@horde.org Date: Fri, 7 Sep 2001 17:38:36 -0400
Date: Fri, 7 Sep 2001 17:38:36 -0400
From: Chuck Hagenbuch <chuck@horde.org>
To: imp@lists.horde.org
Subject: Re: [imp] Sessions problem
Quoting Rachid Chalabi <r.chalabi@umist.ac.uk>:
> On another note how difficult is it to implement multiple message actions
> such as bounce and forward (a la pine).
It's not trivial. We'll take a patch. :)
> BTW there is another bug in that the expand of aliases fail when an address
> in the is empty (eg. Warning: Undefined offset: 1
> in /home/webmailman/htdocs/newhorde/imp/compose.php on line 223 in
> compose.php 2.347)
Jan?
-chuck
--
Charles Hagenbuch, <chuck@horde.org>
Some fallen angels have their good reasons.