On Mon, Jul 03, 2000 at 12:17:05AM -0400, Adam McKenna wrote:
> On Sun, Jul 02, 2000 at 08:44:23PM -0700, Brian D. Winters wrote:
> > Make the list readable only by root.  Now a local user effectively
> > needs root access to read the APOP secrets.  Once that local user has
> > rooted the box, I don't see why it matters that the secrets were
> > cleartext.
> 
> There have been several exploits in the past that allowed a local user to
> read files on the system without obtaining root.  Granted, if someone found
> a vulnerability like this he could read the shadow file, but at least the
> passwords in the shadow file are encrypted (as opposed to the passwords in
> the apop.secrets file).

Right, but that class of exploits doesn't change anything in this
discussion.  (I almost mentioned this case in my last message, but I
was curious how thoroughly you had thought this through.  Apparently
the answer is "not as thoroughly as you think.")  The same exploit
which reads the secrets file could also be used to read the user's
mail file(s).  Since APOP secrets are only useful for reading mail,
nothing has been gained by reading the APOP secrets file by this
means.

> As you've pointed out, an attacker with sniffing ability can already read the 
> e-mail, which is the only thing that the password protects.  If a sniffer can
> read the e-mail, then who cares if he has the password?

In the absence of APOP, my POP3 password protects a lot more than just
my e-mail.  My understanding from what you've said so far is that this
is why you like dummy accounts.  For my situation dummy accounts are a
headache.  I also like the one-time nature of a sniffed APOP token,
but if you can sniff then you can probably also hijack....  Anyway, I
agree to disagree with you here.  Each situation is different.  We've
both made our cases.  This horse looks dead.

> I'd rather make sure
> that if he DOES get the password, it will be useless except for reading the
> e-mail.

So you are advocating APOP then? ;)  (Sorry.  I should know better,
but I couldn't resist one more swipe at the corpse on my way out.)

Brian
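The one-time nature of a sniffed APOP token that Brian mentions, and the reason the server-side secrets file has to hold the secret in cleartext, as an added Python example (not code from the thread; the host name, secrets table and clock values are constructed):

```python
import hashlib
import hmac

# Constructed server-side secrets table (the apop.secrets file of the thread).
# APOP (RFC 1939) has the server compute MD5(timestamp || secret) itself, which
# is why the secret must be stored in cleartext rather than as a one-way hash.
APOP_SECRETS = {"brian": "tanstaaf"}


def apop_digest(timestamp: str, secret: str) -> str:
    """Client side of APOP: hex MD5 of the greeting timestamp followed by the secret."""
    return hashlib.md5((timestamp + secret).encode()).hexdigest()


class ApopServer:
    """Minimal APOP verifier. Every greeting carries a fresh <pid.clock@host> stamp."""

    def __init__(self, secrets_table, host="pop.example.invalid"):
        self.secrets = secrets_table
        self.host = host
        self.clock = 0
        self.current = None  # banner of the session currently being authenticated

    def greet(self):
        self.clock += 1
        self.current = f"<4242.{self.clock}@{self.host}>"
        return f"+OK POP3 server ready {self.current}"

    def apop(self, user, digest):
        """Handle 'APOP user digest'; needs the cleartext secret to recompute the hash."""
        secret = self.secrets.get(user)
        if secret is None or self.current is None:
            return False
        expected = apop_digest(self.current, secret)
        self.current = None  # a banner is good for exactly one attempt
        return hmac.compare_digest(expected, digest)


def sniffed_token_is_replayable(server, user, digest):
    """A passive sniffer who captured a digest tries it against a new session."""
    server.greet()  # fresh banner, so the captured digest no longer matches
    return server.apop(user, digest)


def demo():
    server = ApopServer(APOP_SECRETS)
    banner = server.greet().split()[-1]          # legitimate client reads the stamp
    digest = apop_digest(banner, APOP_SECRETS["brian"])
    ok = server.apop("brian", digest)            # True: correct secret, live banner
    replay = sniffed_token_is_replayable(server, "brian", digest)  # False
    return ok, replay
```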
