Timo Sirainen píše v St 18. 06. 2008 v 12:38 +0300:
On Wed, 2008-06-18 at 09:35 +0200, Dan Horák wrote:
this issue was discussed here twice in the not so far history (http://www.dovecot.org/list/dovecot/2008-January/028317.html, http://www.dovecot.org/list/dovecot/2008-February/029147.html), but I need to open it again as it makes problems for our users on one side and on the other side we don't want to diverge from the upstream sources in our packages. I agree with Timo that simply disabling the symlink following in creating the mailbox list can give a false sense of security so the question is whether a permanent solution can be developed and how it should look like?
Permanent solution would be to put your mailboxes in a separate directory where users preferrably don't even have write access, so they can't create broken symlinks.
Yes, that's true :-)
Other than that, I see only kludgy solutions.
Although I suppose I could consider including a check that keeps track of which directories are scanned and stops if it encounters a loop. Is your problem with loops or just that symlinks point to huge directory structures outside home dir?
The main problem are loops that are taking the imap process into endless search. The February thread contains your workaround (patch) that blocks all symlinks which means even the harmless ones.
Dan
-- Fedora and Red Hat package maintainer