»Michel Eyckmans (MCE)« sagte am 2002-03-03 um 19:23:09 +0100 :
Sure. But that is not the issue. The issue is that murphy dictates that
this kind of error happens on a friday evening, leaving the file open for
every passer by to read till you get back on Monday and find the time to
discover the problem and fix it. And then if this password also is your
login password (in my case: on the NT machines) and everybody in the
organisation knows for sure that it has to be the same...
But still. If I were after your password because it's so valuable, I'd
take an aproach which is kinda guaranteed to work, ie. I'd setup a
sniffer and get the password in plain text in almost no time. For this
I don't even have to hack into your machine; I'd just have to be on the
same physical network.
As an aside, what happens with a fetchmail daemon? Does it stop working
too? Does it even notice in case the file itself is not chaged?
No idea. I don't use fetchmaildaemon. Running fetchmail -a from a cron
which is executed every minute is a lot easier.
But as I understand it, you don't trust your root's, correct? Well,
I haven't said that. I have implied that people in general might not
trust their root, and have said that, independenty of whether I do,
Okay, apologies. Then let's agree that "you" refers to some person with
those problems, okay?
my password selection "algorithm" is private information that should
be "for my eyes only".
Which it is. In normal operation. Okay, errors like chmod 777 ~/.*
happen. Yes. But the chance of somebody actually knowing that you use
fetchmail and then finding the file are, uhm, "slim". To make it a tiny
bit more "secure" (as in obscure), it might be worthwile to rename the
~/.fetchmailrc file to something non obvious like "cooking-recipes" or
somesuch.
dunno, but you do know that even if fetchmail would store the password
encrytped, it would be rather easy to sniff the password, don't you?
I know. But sniffing requires more effort than simply reading a file
that has been accidently chmod-ed by a badly written shell script (or
some similar such).
Well, *that* is arguable. I honestly don't know, but I'd expect that in
the "black hat" circles there are easy to setup network sniffers, don't
you think? Heck, even ethereal will very easily capture the network
traffic. I don't think that's hard to setup/run.
Note that I already agreed that the unencrypted sending is the biggest
problem, since that's why fetchmail would need to cointain the decryption
code in the first place.
And that's exactly a "problem" of Open Source software. Because
fetchmail would need to contain the decryption stuff it should be very
easy to write a tool that will read the encrypted fetchmailrc.
I actually think it's *better* that the passwords are stored in clear
text for two reasons:
1) This tells people that there's no security if you store the password
on a machine where you can't trust root
2) It keeps the fetchmail code a little simpler
Alexander Skwar
--
How to quote: http://learn.to/quote (german) http://quote.6x.to (english)
Homepage: http://www.iso-top.de | Jabber:
askwar(_at_)charente(_dot_)de
iso-top.de - Die günstige Art an Linux Distributionen zu kommen
Uptime: 1 day 13 hours 37 minutes