include php-imap in FC2 (bug #115535)

Angles Puglisi angles at aminvestments.com
Wed Mar 3 04:16:44 UTC 2004


Speaking as someone who has had to replace (some of) php-imap with pure php
code, I observe that the "insecure" c-client problems would apply more to an
actual uwash imap server, not so much to a subset of the c-client code used
only in a client.

The php-imap extension is not a server. Any script kiddie can smack on a
uwash server, but to exploit a _client_ using a portion of that code, would
seem to be much more tricky. It seems like a special malware server, or
specially crafted malware emails, would need to be used and then a php-imap
client would need to connect to and/or request such malware in order for the
client to be exploited, and even this might depend if php-imap were using POP3
or IMAP (it uses more c-client code for POP3). Not impossible of course, but
different from server considerations.

I understand the issues around the need to maintain the c-client code, but do
remember we are talking about a client that accesses a server according to
RFC standards, we are not providing a server. If this mitigates the effort
required to maintain the c-client (since it will not be a server) then maybe
that helps.

AFAIK, redhat / fedora has generally provided the easiest to install php-imap
(and php in general) packages around.

Joe Orton (jorton at redhat.com) wrote:
>
> On Tue, Mar 02, 2004 at 05:15:03PM +0000, Joe Orton wrote:
> > On Tue, Feb 24, 2004 at 08:02:18PM +0200, Kaj J. Niemi wrote:
> > > > I'm also able to package the c-client library based on the previous imap
> > > > rpm if that is the conclusion of this discussion.
> > >
> > > Attached is a suggestion for libc-client.spec. It is based on the imap-2002d
> > > package. A shared library is built in addition to the static library. The
> > > build code was borrowed from FreeBSD's ports collection mail/cclient where
> > > it has been working well. In the base package we install just the shared
> > > library while the header files and the static library gets saved for -devel.
> > > The .spec and the .src.rpm can be found at <http://www.a51.org/sw/fedora/>.
> > >
> > > Comments are welcome.
> >
> > Thanks for doing this Kaj... I had a quick look, it was missing a
> > %post/%postun, and there were a few too many RFCs in %doc for my taste.
>
> Also some Conflicts with imap are needed here.
>
> joe

--
That's "angle" as in geometry.
www.anglemail.org





