Skip to main content

Last Call Review of draft-ietf-sieve-include-

Request Review of draft-ietf-sieve-include
Requested revision No specific revision (document currently at 15)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2011-12-15
Requested 2011-12-03
Authors Cyrus Daboo , Aaron Stone
I-D last updated 2011-12-12
Completed reviews Genart Last Call review of -?? by Ben Campbell
Secdir Last Call review of -?? by Radia Perlman
Assignment Reviewer Radia Perlman
State Completed
Request Last Call review on draft-ietf-sieve-include by Security Area Directorate Assigned
Completed 2011-12-12
Summary: No problems found with this document

Summary of document: This document specifies an extension to an existing file
format. That file format is defined in RFC5228 and specifies a format for
incoming mail filtering and sorting rules (e.g. if subject field contains
“Viagra” delete the message). This extension defines an ‘include’ command,
which allows someone to hierarchically organize mail filtering rules into
separate files. The goal (among others) is so that there can be some common
filters that lots of users might want to use, users can reference them with
‘include’ commands rather than copying their bodies into their own filtering
rules, and the common filters can then be updated by a central authority and
changes will automatically be reflected in each user’s rules.

This extension only introduces one interesting new security concern, and it is
covered well in the security considerations. That concern is that a user might
be able to trick the mail sorting utility into opening files that the user
would not have permission to open. Depending on the OS, this might or might not
be easy for the mail sorting utility to avoid, but the security considerations
points out several variations, like making sure that file names really are file
names (and not something that could escape itself into a shell script) and
checking the access rules on the files to make sure that there is no privilege