Last Call Review of draft-ietf-sieve-include-
review-ietf-sieve-include-secdir-lc-perlman-2011-12-12-00

Summary: No problems found with this document



Summary of document: This document specifies an extension to an existing file
format. That file format is defined in RFC5228 and specifies a format for
incoming mail filtering and sorting rules (e.g. if subject field contains
“Viagra” delete the message). This extension defines an ‘include’ command,
which allows someone to hierarchically organize mail filtering rules into
separate files. The goal (among others) is so that there can be some common
filters that lots of users might want to use, users can reference them with
‘include’ commands rather than copying their bodies into their own filtering
rules, and the common filters can then be updated by a central authority and
changes will automatically be reflected in each user’s rules.

This extension only introduces one interesting new security concern, and it is
covered well in the security considerations. That concern is that a user might
be able to trick the mail sorting utility into opening files that the user
would not have permission to open. Depending on the OS, this might or might not
be easy for the mail sorting utility to avoid, but the security considerations
points out several variations, like making sure that file names really are file
names (and not something that could escape itself into a shell script) and
checking the access rules on the files to make sure that there is no privilege
elevation.



Radia