
c : cyrus-devel@lists.andrew.cmu.edu 24 January 2012 • 3:05PM -0500

Re: Cyrus reviews
by Bron Gondwana

On Tue, Jan 24, 2012 at 05:54:12PM +1100, Greg Banks wrote:
> On Tue, Jan 24, 2012, at 07:25 AM, Bron Gondwana wrote:
> > On Tue, Jan 24, 2012 at 01:49:52PM +1100, Greg Banks wrote:
> > > I've been told I should do reviews more openly.  Ok, here goes.
> > >
> > > commit "rename: ensure user owns both source and dest for Bug #3586 workaround"
> > >
> > > Ok, but why?
> >
> > CMU had somebody issue "rename $sharedroot INBOX.Trash".  Since they
> > had no permissions on $sharedroot, the lower level returns
> > IMAP_MAILBOX_NONEXISTENT.  Since "submailboxes" are done as admin,
> > there were no ACL checks.  It was only the quota which stopped their
> > entire shared hierarchy being renamed under INBOX.Trash of one user.
>
> Gah!  Still, checking for the same user is a rather ugly hack when what we
> actually want is to do an ACL check.

We're planning to do that eventually.  Meanwhile, we'd rather not leave
everyone vulnerable (FM included) for too long.

I'll be doing a 2.4.14 soon.

Bron.
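
The rename path discussed in this thread, as an added toy model (not Cyrus source and not part of the original message). It assumes the top-level lookup runs with the user's rights and reports a mailbox without rights as nonexistent, that the rename then continues to the submailboxes as admin, and that INBOX.Trash corresponds to an internal name like `user.alice.Trash`; all function names and mailbox names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy model, not Cyrus source. All names here are hypothetical.
 * Assumption: a user has rights only on mailboxes under user.<userid>. */
static const char *store[] = {              /* constructed sample mailboxes */
    "shared", "shared.projects", "shared.archive",
    "user.alice", "user.alice.Trash", "user.alice.Old.2011",
};
#define NSTORE (sizeof store / sizeof store[0])

static int owned_by(const char *name, const char *user) {
    size_t n = strlen(user);
    return strncmp(name, "user.", 5) == 0 && strncmp(name + 5, user, n) == 0
        && (name[5 + n] == '\0' || name[5 + n] == '.');
}

static int is_child(const char *name, const char *parent) {
    size_t n = strlen(parent);
    return strncmp(name, parent, n) == 0 && name[n] == '.';
}

/* Lookup as the user: a mailbox without rights is reported like a missing one. */
static int visible(const char *name, const char *user) {
    for (size_t i = 0; i < NSTORE; i++)
        if (strcmp(store[i], name) == 0) return owned_by(name, user);
    return 0;
}

/* Returns how many mailboxes the rename would move. owner_check = 0 models the
 * behaviour described in the thread, 1 the "user owns both" restriction. */
int rename_tree(const char *user, const char *src, const char *dst, int owner_check) {
    int moved = visible(src, user);         /* top level, checked as the user */
    if (!moved && owner_check && !(owned_by(src, user) && owned_by(dst, user)))
        return 0;                           /* "nonexistent" and not the user's own tree */
    for (size_t i = 0; i < NSTORE; i++)     /* submailboxes: done as admin, no ACL check */
        if (is_child(store[i], src)) moved++;
    return moved;
}

int main(void) {
    printf("no check, shared root:   %d\n", rename_tree("alice", "shared", "user.alice.Trash", 0));
    printf("with check, shared root: %d\n", rename_tree("alice", "shared", "user.alice.Trash", 1));
    printf("with check, own tree:    %d\n", rename_tree("alice", "user.alice.Old", "user.alice.Trash.Old", 1));
    return 0;
}
```

The third call shows that the ownership restriction still lets a user rename a tree of their own whose top level has no mailbox; a per-submailbox ACL check, as asked for in the review, would replace the name comparison in `rename_tree`.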
