[Imap-uw] Does wu-imapd allow users to run any other code?

Mark Crispin mrc at CAC.Washington.EDU
Thu Oct 13 10:52:53 PDT 2005


On Thu, 13 Oct 2005, Johann 'Myrkraverk' Oskarsson wrote:
> I've recently patched rssh, to allow imapd in addition to the other
> commands, for imap over ssh.  Since rssh, a shell, is meant to limit
> users to a pre-defined set of possible commands, like scp and sftp,
> and not shell access, I was wondering if there were any additional
> issues with wu imapd?  That is, is it possible, with the use of
> command line options, or imap commands, to execute some code on the
> server?  And therefore bypass what rssh is meant to achieve?

UW imapd does not have any command line options or IMAP commands to 
execute some code on the server.

However, you should be aware that IMAP commands are quite powerful.  It is 
therefore highly advisable that you secure your system such that non-root 
users, even with shell access, are prevented from compromising your 
system.  Among other things, this means that you should use appropriate 
file protections to ensure that unprivileged users can not write into 
critical system directories (one UNIX system actually allowed ordinary 
users to create files in /etc !!) or read security-sensitive files.

Also, to be certain that your copy of imapd has no known security issues, 
you should ensure that you have the latest release version of UW imapd. 
Currently, the latest release is imap-2004g.

If you do not have imap-2004g, you can get it from:
 	ftp://ftp.cac.washington.edu/mail/imap.tar.Z

-- Mark --

http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.
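
Added example, not part of the original message and not code from the UW imapd or rssh projects: a small audit of the file protections the reply recommends, reporting world-writable directories and world-readable sensitive files. The function names and the AUDIT_DIRS and AUDIT_FILES variables are made up for this example, and the paths to check are supplied by the administrator.

```shell
#!/bin/sh
# Added example: report file protections that would let an unprivileged
# account write into system directories or read security-sensitive files.
# Function and variable names here are hypothetical, not from any project.

# Print every directory at or below the given paths that has the "other"
# write bit set. Paths that are not directories are skipped.
world_writable_dirs() {
    for top in "$@"; do
        [ -d "$top" ] || continue
        find "$top" -xdev -type d -perm -0002 -print 2>/dev/null
    done
}

# Print each given regular file that has the "other" read bit set.
# Missing files are skipped.
world_readable_files() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        find "$f" -prune -type f -perm -0004 -print 2>/dev/null
    done
}

# Runs only when the administrator supplies at least one list, for example:
#   AUDIT_DIRS="/etc /usr/bin" AUDIT_FILES="/etc/shadow" sh audit.sh
if [ -n "${AUDIT_DIRS:-}${AUDIT_FILES:-}" ]; then
    # Word splitting of the two space-separated lists is intentional.
    world_writable_dirs ${AUDIT_DIRS:-} | sed 's/^/world-writable directory: /'
    world_readable_files ${AUDIT_FILES:-} | sed 's/^/world-readable file: /'
fi
```

The check looks at mode bits only; access granted through group membership or ACLs is not reported.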

