On Tue, Jan 24, 2012 at 01:49:52PM +1100, Greg Banks wrote:
> I've been told I should do reviews more openly. Ok, here goes.
> commit "rename: ensure user owns both source and dest for Bug #3586 workaround"
> Ok, but why?
CMU had somebody issue "rename $sharedroot INBOX.Trash". Since they
had no permissions on $sharedroot, the lower level returns
IMAP_MAILBOX_NONEXISTENT. Since "submailboxes" are done as admin,
there were no ACL checks. It was only the quota which stopped their
entire shared heirarchy being renamed under INBOX.Trash of one user.