[imp] BUG?
Chuck Hagenbuch
chuck at horde.org
Sat Jan 10 19:48:22 PST 2004
Quoting Albert <albert at mentes.org>:
> I installed yesterday the IMP 3.2.2 + UW IMAP 2003.338, the IMAP protocol
> allows me to list folders and to see files in the system, this IMAP version
> (UW) doesn't make a great control.
>
> In my scenario I filter the access to the IMAP, but I leave the Webmail
> accessible, if I change this way the mailbox:
>
> http://webmail.hosts.test/horde/imp/mailbox.php?mailbox=/etc/passwd
>
> I read the /etc/passwd through the Webmail. Should IMP control this?
No. You should use a different IMAP server, or lock down UW more, if you don't
want that to be possible.
-chuck
--
Charles Hagenbuch, <chuck at horde.org>
"Here, I brought some cole slaw. It's made from peeeooople! Just kidding."
More information about the imp
mailing list