On Wed, 14 Feb 2007, Mark Crispin wrote:

> On Wed, 14 Feb 2007, Asheesh Laroia wrote:
>> But if PASSFILE is mode 0600 then it's not actually insecure, right (*)?
>
> Isn't that like saying "If I'm the only user on my Windows system, then it's secure, right?" ;-)

Yet this feature is turned on in PC-PINE (and presumably PC-ALPINE).

> Or, perhaps, "Since /etc/shadow is protected, we don't need to encrypt them any more, we can just store the passwords as plaintext, right?"

The point here is not to debate security policy, but to give control over it to those it affects, in this case sysadmins and users. I don't disagree with any of your analysis. The reality is that plenty of other programs offer this facility, and that for users it's often a must. Maybe the best solution would be for Pine to be compatible with more secure methods for keeping passwords in user accounts (I'm thinking of keyring schemes), but making the option compile-time only, and not even putting it commented out in the relevant header file (at least, last time I checked), looks like peevishness or dogma.

> The capability to build UNIX Alpine that way exists, but we don't use it. I'm sure that there are hackers out there who would love to get ahold of my PASSFILE if I was ever foolish enough to keep one.

Sounds like you're foolish enough not to have good password discipline, then! Someone who got their hands on my PASSFILE would get access to my mail account, nothing more.

Anyway, none of this matters much in the context of packaging for Debian, where a patch is simply applied.

--
http://rrt.sc3d.org/ | wit, n.  educated insolence (Aristotle)
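An added audit check, not part of this thread and not code from Pine or Alpine, that applies the "mode 0600" criterion the thread argues about. It inspects a plaintext credential file the way a sysadmin might before enabling such a feature: mode bits, ownership, symlink status and the containing directory. A clean result only establishes what Asheesh's question asks, that no other unprivileged local user can read the file; it says nothing about root, backups or anything running as the owner, which is the substance of Mark's objection. The file name `.pine-passfile` and the sample content are constructed for the demo.

```python
import os
import stat
import tempfile
from typing import List

# Added example (not from this thread or from Pine/Alpine): audit a plaintext
# credential file such as Pine's PASSFILE. An empty findings list means the
# file meets the 0600 bar discussed in the thread, nothing more.


def audit_passfile(path: str) -> List[str]:
    """Return a list of findings; an empty list means the 0600 bar is met."""
    findings: List[str] = []
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        # A symlink in a user-writable location can redirect the program's
        # writes elsewhere; report it and inspect the target as well.
        findings.append("symlink")
        st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        findings.append("not-a-regular-file")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group-or-world-accessible:%04o" % mode)
    if st.st_uid != os.geteuid():
        findings.append("owned-by-uid-%d" % st.st_uid)
    # The containing directory matters too: if others can write to it they can
    # replace the file regardless of the file's own mode (sticky bit excepted).
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent-dir-world-writable")
    return findings


def demo() -> dict:
    """Constructed demo: the same file audited at mode 0644 and then at 0600."""
    results = {}
    with tempfile.TemporaryDirectory() as d:  # created mode 0700
        path = os.path.join(d, ".pine-passfile")  # hypothetical name
        with open(path, "w") as f:
            f.write("constructed-sample-not-a-real-credential\n")
        os.chmod(path, 0o644)
        results["0644"] = audit_passfile(path)
        os.chmod(path, 0o600)
        results["0600"] = audit_passfile(path)
    return results


if __name__ == "__main__":
    for mode, findings in demo().items():
        print(mode, findings or "ok")
```

Run it as the user who owns the file; the ownership check compares against the effective uid, so running it as root against another user's file will report a uid mismatch rather than a clean result.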

