Bug 179832

Summary: mail-notification saves passwords in clear text with read access for everybody
Product: Fedora
Reporter: Terje Rosten <terje.rosten>
Component: mail-notification
Assignee: Thorsten Leemhuis <fedora>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: 4
CC: dennis, extras-qa
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2006-07-02 09:54:40 UTC

Description Terje Rosten 2006-02-03 09:36:13 UTC
Description of problem:

There is a security problem with mail-notification:

 the program saves data about mail accounts in the file

 ~/.gnome2/mail-notification/mailboxes.xml

 however, passwords are saved unhashed in clear text and on top of that
 file access permissions on the file are wide open: 0644.

Version-Release number of selected component (if applicable):

 mail-notification-2.0-2.fc4

How reproducible:

 o Start mail-notification with the "display the main window" option:
   $ mail-notification -m
 
 o Choose Preferences and then Mailboxes
 o Add an account
 o Have a look in the file ~/.gnome2/mail-notification/mailboxes.xml

Additional info:
 If this issue is not going to be fixed, mail-notification should be removed
 from Fedora Extras.
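
An added check for the two findings in this report (a world-readable mailboxes.xml and a clear-text password field), plus the owner-only permission fix; this is example code, not part of mail-notification, and the sample XML it creates is constructed because the real file layout is not shown here:

```shell
#!/bin/sh
# Audit mail-notification's mailboxes.xml for the issues in bug 179832:
# mode 0644 (readable by group/others) while holding clear-text passwords.
# Sample file below is constructed; a real mailboxes.xml will differ.

MN_FILE="${HOME:-.}/.gnome2/mail-notification/mailboxes.xml"

# Octal mode of a file; GNU stat first, BSD stat as a fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if only the owner has any access, 1 if group/other have any bits
# set, 2 if the file does not exist. Findings are printed as they are seen.
check_mailboxes_perms() {
    f="${1:-$MN_FILE}"
    [ -f "$f" ] || { echo "no such file: $f"; return 2; }
    mode=$(file_mode "$f")
    rc=0
    # The last two octal digits are the group and other permission bits.
    case "$mode" in
        *00) ;;
        *)  echo "WARN: $f has mode $mode (readable beyond the owner)"; rc=1 ;;
    esac
    # A password attribute or element means the credential is stored in the clear.
    if grep -qi 'password' "$f"; then
        echo "INFO: $f stores a password in clear text"
    fi
    return $rc
}

# The fix the report asks for: restrict the file to its owner, then re-check.
fix_mailboxes_perms() {
    chmod 0600 "$1" && check_mailboxes_perms "$1"
}

# Demo on a constructed file with the reported 0644 mode.
demo=$(mktemp)
printf '<mailboxes>\n <mailbox type="pop3" username="alice" password="s3cret"/>\n</mailboxes>\n' > "$demo"
chmod 0644 "$demo"
check_mailboxes_perms "$demo" || fix_mailboxes_perms "$demo"
rm -f "$demo"
```

Run without arguments against a real account to audit the file named in the report; fix_mailboxes_perms only changes the mode and does nothing about the clear-text password itself.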

Comment 1 Thorsten Leemhuis 2006-02-11 14:31:09 UTC
(In reply to comment #0)
>  however, passwords are saved unhashed in clear text
That's the case for fetchmail too, iirc

> and on top of that
>  file access permissions on the file is wide open: 0644.
Yeah, that's a problem. Upstream is working on a fix. 

>  If this issue is not going to be fixed, mail-notification should be removed
>  from Fedora Extras.
No, I don't think that this is so important. It wouldn't change much btw -- most
people already have installed it and removing it from the repo doesn't help them.

Comment 2 Dennis Gilmore 2006-02-22 21:07:19 UTC
(In reply to comment #1)
> (In reply to comment #0)
> >  however, passwords are saved unhashed in clear text
> That's the case for fetchmail too, iirc

yes but that doesn't make it right

> > and on top of that
> >  file access permissions on the file is wide open: 0644.
> Yeah, that's a problem. Upstream is working on a fix.
>
> >  If this issue is not going to be fixed, mail-notification should be removed
> >  from Fedora Extras.
> No, I don't think that this is so important. It wouldn't change much btw -- most
> people already have installed it and removing it from the repo doesn't help them.

I don't think it's the hugest deal in the world, mostly because the files are
in a home dir; default perms only allow the user access to that part of the
tree. It's exploitable by you getting up and walking away from your computer
and someone coming and sitting down. It requires local access. But yes, it
needs fixing.

It shouldn't be too hard to change the perms that are set.

Comment 3 Dennis Gilmore 2006-06-29 03:07:49 UTC
Please look at this.

Comment 4 Ben Liblit 2007-03-05 01:39:09 UTC
mail-notification seems like an excellent place to deploy GNOME Keyring. 
Unfortunately, the main upstream developer feels that "the gnome-keyring
paradigm (passwords are worthy of encryption and everything else is not) is
obviously flawed" and therefore he does not intend to support it:
<http://savannah.nongnu.org/bugs/?18893>.

By the way, Gmail passwords do go into GNOME Keyring.  But that's actually
gnomevfs's doing, not anything that mail-notification is doing.