On 20 May 2019, at 06:50, Reto via dovecot wrote:
> How is that dangerous?
Exactly.
--
At night when the bars close down
Brandy walks through a silent town
And loves a man who's not around
First, you might want to control access to who is allowed to use
your server, your email and dovecot. If they are malicious, maybe you
want to disallow their access.
Second, you might want to make sure that dovecot and doveadm,
do not have permissions to run programs outside of a few that
are
How is that dangerous?
If you pipe output from a directory listing to *any* command you need to
sanitize it.
That's normal if you have data that can be created by a user. The issue is
known since the very beginning of Linux
Use scripts to create some malicious directories. Here is my creation
process. How can I prevent the creation of these directories?
I used the python imapclient script to create a directory.
There may be no big threat to dovecot, but it is dangerous for doveadm.
