On Wed, 2008-06-18 at 09:35 +0200, Dan Horák wrote: > this issue was discussed here twice in the not so far history > (http://www.dovecot.org/list/dovecot/2008-January/028317.html, > http://www.dovecot.org/list/dovecot/2008-February/029147.html), but I > need to open it again as it makes problems for our users on one side and > on the other side we don't want to diverge from the upstream sources in > our packages. I agree with Timo that simply disabling the symlink > following in creating the mailbox list can give a false sense of > security so the question is whether a permanent solution can be > developed and how it should look like?
Permanent solution would be to put your mailboxes in a separate directory where users preferrably don't even have write access, so they can't create broken symlinks. Other than that, I see only kludgy solutions. Although I suppose I could consider including a check that keeps track of which directories are scanned and stops if it encounters a loop. Is your problem with loops or just that symlinks point to huge directory structures outside home dir?
signature.asc
Description: This is a digitally signed message part
