On Sat, Dec 27, 2003 at 03:03:36PM -0800, christopher neitzert wrote:
> Hi all,
>
> I couldn't find this when searching through the list archives so I
> presume it hasn't been posted yet.
>
> From gkrellm-2.1.19 rpm base:
>
> ~user/.gkrellm/user-config stores passwords for IMAP, IMAP-CRAM-MD5,
> and POP in clear text.
>
> From ~user/.gkrellm/user-config
> --
> mail mailbox-remote IMAP_(CRAM-MD5) some.server.com "username"
> "password" 143 "inbox"
> --
>
> Can anyone confirm that this is true on other versions/platforms?
>

Yes, this is true, login and password are stored in clear text and I
don't think this is a security flaw, this is the expected behaviour.

On my system (Redhat FC1) the `user-config' file is not readable by
other users or groups:

$ ls -l user-config
-rw------- 1 jauge jauge 3287 Dec 28 14:24 user-config

So I don't consider this a problem...

There are plenty of files that store passwords in clear text, like the
.netrc or .fetchmailrc file. The only requirement for such a file is to be
correctly protected with a chmod/umask, and this user-config file seems
correctly protected.

Regards,
Jérôme
-- 
<ESC>:r $HOME/.signature<CR>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
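
Added example, not part of the original posts and not gkrellm code: a Python check of the permission requirement discussed in the reply, applied to the three files named in the thread, plus a way to create such a file so it is never wider than 0600. The function names and the temporary sample home directory are constructed for illustration.

```python
import os
import stat
import tempfile

# Files named in the thread that hold clear-text credentials, relative to $HOME.
CREDENTIAL_FILES = (".gkrellm/user-config", ".netrc", ".fetchmailrc")


def audit(path):
    """Return findings for one credential file; an empty list means it is OK."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    except FileNotFoundError:
        return []
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {mode:04o} grants group/other access")
    if st.st_uid != os.geteuid():
        findings.append(f"{path}: owned by uid {st.st_uid}, not the current user")
    return findings


def audit_home(home):
    """Audit every known credential file under one home directory."""
    return [f for rel in CREDENTIAL_FILES for f in audit(os.path.join(home, rel))]


def write_private(path, data):
    """Create the file with mode 0600 at creation time; the umask can only narrow it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def demo():
    """Constructed sample: a throwaway home with a user-config, audited twice."""
    with tempfile.TemporaryDirectory() as home:
        os.mkdir(os.path.join(home, ".gkrellm"))
        cfg = os.path.join(home, ".gkrellm", "user-config")
        write_private(cfg, 'mail mailbox-remote IMAP some.server.com '
                           '"username" "password" 143 "inbox"\n')
        protected = audit_home(home)   # 0600: no findings
        os.chmod(cfg, 0o644)           # simulate a file left world-readable
        exposed = audit_home(home)     # one finding
        return protected, exposed


if __name__ == "__main__":
    print(demo())
```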
