thr3ads.net - dovecot - [Dovecot] ACLs are applied recursively to sub mailboxes [Mar 2009]

If this information is useful, please help other people find it:
Share via:

Sascha Wilde

2009-Mar-04 16:01 UTC

[Dovecot] ACLs are applied recursively to sub mailboxes

Hi *,

The problem is most noticeable when a user shares his INBOX[0][1] with
others:

User A sets his INBOX acls to "eilprwtsd"

Now User B can see _all_ sub mailboxes and sub sub [...] mailboxes and
their contents of User A:

User A:
  g getacl INBOX
  * ACL "INBOX" "A at example.com" akxeilprwtscd "B at
example.com" eilprwtsd "A at example.com" lrwstipekxacd
  g OK Getacl completed.
  g getacl INBOX/foobar
  * ACL "INBOX/foobar" "1 at aztec.intevation.de"
lrwstipekxacd

User B:
  l list "" "*"
  * LIST (\Noselect \HasChildren) "/" "user"
  * LIST (\Noselect \HasChildren) "/" "user/1 at
aztec.intevation.de"
  * LIST (\HasChildren) "/" "INBOX"
  * LIST (\HasNoChildren) "/" "INBOX/Gesendet"
  * LIST (\HasChildren) "/" "user/1 at
aztec.intevation.de/foobar"
  * LIST (\HasNoChildren) "/" "user/1 at
aztec.intevation.de/foobar/barbaaz"
  * LIST (\HasNoChildren) "/" "user/1 at
aztec.intevation.de/INBOX"
  l OK List completed.

The RfC is not to verbose on this topic of scope, but I think the
following excerpt from RfC4314:

  2.  Access Control

  [...]

     An access control list is a set of <access identifier,rights>
     pairs.  An ACL applies to a mailbox name.

indicates that ACLs are only valid for individual mailboxes (name) and
not for sub mailboxes.

cheers
sascha

[0] Yes, there are really actual users wanting to do this.
[1] There is actually another bug in this context I'll report in my next
    mail...
-- 
Sascha Wilde                                          OpenPGP key: 4BB86568
http://www.intevation.de/~wilde/                  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck; AG Osnabr?ck, HR B 18998
Gesch?ftsf?hrer:   Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20090304/b6563bde/attachment-0002.bin>

Sascha Wilde

2009-Mar-04 16:05 UTC

head link

[Dovecot] ACLs are applied recursively to sub mailboxes

Sascha Wilde <wilde at intevation.de> writes:

Ooops some search and replace missing, the example should read:
> User A:
>   g getacl INBOX
>   * ACL "INBOX" "A at example.com" akxeilprwtscd
"B at example.com" eilprwtsd "A at example.com"
lrwstipekxacd
>   g OK Getacl completed.
>   g getacl INBOX/foobar
>   * ACL "INBOX/foobar" "A at example.com" lrwstipekxacd
>
> User B:
>   l list "" "*"
>   * LIST (\Noselect \HasChildren) "/" "user"
>   * LIST (\Noselect \HasChildren) "/" "user/A at
example.com"
>   * LIST (\HasChildren) "/" "INBOX"
>   * LIST (\HasNoChildren) "/" "INBOX/Gesendet"
>   * LIST (\HasChildren) "/" "user/A at
example.com/foobar"
>   * LIST (\HasNoChildren) "/" "user/A at
example.com/foobar/barbaaz"
>   * LIST (\HasNoChildren) "/" "user/A at
example.com/INBOX"
>   l OK List completed.
cheers
sascha
-- 
Sascha Wilde                                          OpenPGP key: 4BB86568
http://www.intevation.de/~wilde/                  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck; AG Osnabr?ck, HR B 18998
Gesch?ftsf?hrer:   Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20090304/6f7f9a75/attachment-0002.bin>

Timo Sirainen

2009-Mar-04 16:19 UTC

head link

[Dovecot] ACLs are applied recursively to sub mailboxes

On Wed, 2009-03-04 at 17:01 +0100, Sascha Wilde wrote:> Hi *,
> 
> The problem is most noticeable when a user shares his INBOX[0][1] with
> others:
> 
> User A sets his INBOX acls to "eilprwtsd"
> 
> Now User B can see _all_ sub mailboxes and sub sub [...] mailboxes and
> their contents of User A:
That shouldn't happen. There's no code for doing recursive ACLs. Sounds
more like a bug somewhere. I'll check it later.
>   * ACL "INBOX" "A at example.com" akxeilprwtscd
"B at example.com" eilprwtsd "A at example.com"
lrwstipekxacd
A at example.com is there twice?..
>   * LIST (\HasChildren) "/" "user/1 at
aztec.intevation.de/foobar"
How does user B see this mailbox's ACLs? Is the mailbox also selectable?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20090304/a7b680a3/attachment-0002.bin>

Apparently Analagous Threads

Search for more reasonably related threads

dovecot - Mar 2009 - ACLs are applied recursively to sub mailboxes

[Dovecot] ACLs are applied recursively to sub mailboxes

[Dovecot] ACLs are applied recursively to sub mailboxes

[Dovecot] ACLs are applied recursively to sub mailboxes

Apparently Analagous Threads