/usr/share/doc/imap-2000c/CONFIG gives instructions for increasing the security of pop/imap by hacking the code and recompiling. following these instructions makes it impossible to participate in redhat upgrades. imap as being historically one of the banes of linux/redhat security (remember the 5.x fiasco?) should, like named, take a command-line argument to allow chrooting the server immediately after authentication is complete. below is the patch I use...mail goes to ~/mail/INBOX and the user is chrooted to ~/mail ... it seems that ~/mail and INBOX should be two separate command- line options to '/usr/sbin/imapd' stig I tag this as 'high/security' because if the server's aren't chrooted, the server is much more vulnerable to bugs in the post-login segment of the server's code...and if you chroot the server, security updates for pre-chroot exploits cannot be located by up2date. ## /usr/src/redhat/SOURCES >> more imap-chroot.patch --- imap-2000c/src/osdep/unix/env_unix.c Fri Dec 7 21:07:40 2001 +++ imap-2000c.hacked/src/osdep/unix/env_unix.c Fri Dec 7 21:17:44 2001 @@ -1,3 +1,5 @@ +#define CHROOT_SERVER 1 + /* * Program: UNIX environment routines * @@ -532,6 +534,13 @@ char *argv[]) { long ret = NIL; +#ifdef CHROOT_SERVER + char chroot_subdir[MAILTMPLEN]; + /* use "mail" subdirectory of home directory */ + sprintf (chroot_subdir,"%s/mail",home); +#endif + /* paranoid site, lock out other directories */ + /* OK if matches authorization ID */ if (authuser && strcmp (authuser,pw->pw_name)) { struct group *gr = getgrnam ((char *) admin_grp); @@ -550,8 +559,8 @@ /* if same as EUID, treat as application */ else if (pw->pw_uid == geteuid ()) ret = env_init (user,home); #ifdef CHROOT_SERVER - /* paranoid site, lock out other directories */ - else if (chdir (home) || chroot (home)); + /* else if (chdir (home) || chroot (home)); */ + else if (chdir (chroot_subdir) || chroot (chroot_subdir)); #endif else { /* in case loginpw() smashes these */ /* in case user/home comes from pw struct */ @@ -645,6 +654,7 @@ ^L /* use real home directory */ myHomeDir = cpystr (home ? home : ANONYMOUSHOME); + dorc (strcat (strcpy (tmp,myHomeDir),"/.mminit"),T); dorc (strcat (strcpy (tmp,myHomeDir),"/.imaprc"),NIL); #ifndef DISABLE_AUTOMATIC_SHARED_NAMESPACES @@ -761,7 +771,11 @@ { char tmp[MAILTMPLEN]; if (!sysInbox) { /* initialize if first time */ +#if 0 /* qmail hack --stig */ sprintf (tmp,"%s/%s",MAILSPOOL,myusername ()); +#else + sprintf (tmp,"%s/INBOX",myhomedir ()); +#endif sysInbox = cpystr (tmp); /* system inbox is from mail spool */ } return sysInbox; ------------------ now this would seem to be close but imperfect. it works for me for pop3, but doesn't work 100% for imap's needs... (i was hoping i could get you started on this and you could finish it...) it can read folders 0007 STATUS "big-attachments" (MESSAGES UNSEEN) * STATUS big-attachments (MESSAGES 6 UNSEEN 0) 0007 OK STATUS completed but not figure out which folders there are... 00R4 LIST "" "*" * LIST (\NoInferiors) NIL INBOX 00R4 OK LIST completed 00R5 LSUB "" "*" * LSUB (\NoInferiors) NIL INBOX 00R5 OK LSUB completed
All such new feature enhancement requests like this should be made to upstream maintainers. Incompatible fork's of such codebases rarely make upstream maintainers happy of any software package. In the case of UW imap, the codebase is developed behind closed doors with zero community involvement, then thrown over the fence for public usage once or twice a year or so. The license is not GPL or BSD compatible either, which is another point against UW imap.