Bug 179832 - mail-notification saves passwords in clear text with read access for everybody
Summary: mail-notification saves passwords in clear text with read access for everybody
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: mail-notification
Version: 4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Thorsten Leemhuis
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2006-02-03 09:36 UTC by Terje Rosten
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-07-02 09:54:40 UTC
Type: ---
Embargoed:



Description Terje Rosten 2006-02-03 09:36:13 UTC
Description of problem:

There is a security problem with mail-notification:

 the program saves data about mail accounts in the file

 ~/.gnome2/mail-notification/mailboxes.xml

 however, passwords are saved unhashed in clear text and on top of that
 file access permissions on the file are wide open: 0644.

Version-Release number of selected component (if applicable):

 mail-notification-2.0-2.fc4

How reproducible:

 o Start mail-notification with the "display the main window" option:
   $ mail-notification -m
 
 o Choose Preferences and then Mailboxes
 o Add an account
 o Have a look in the file ~/.gnome2/mail-notification/mailboxes.xml

Additional info:
 If this issue is not going to be fixed, mail-notification should be removed
 from Fedora Extras.

Comment 1 Thorsten Leemhuis 2006-02-11 14:31:09 UTC
(In reply to comment #0)
>  however, passwords are saved unhashed in clear text
That's the case for fetchmail too, iirc

> and on top of that
>  file access permissions on the file is wide open: 0644.
Yeah, that's a problem. Upstream is working on a fix. 

>  If this issue is not going to be fixed, mail-notification should be removed
>  from Fedora Extras.
No, I don't think that this is so important. It wouldn't change much btw -- most
people already have installed it and removing it from the repo doesn't help them.

Comment 2 Dennis Gilmore 2006-02-22 21:07:19 UTC
(In reply to comment #1)
> (In reply to comment #0)
> >  however, passwords are saved unhashed in clear text
> That's the case for fetchmail too, iirc

yes, but that doesn't make it right

> > and on top of that
> >  file access permissions on the file is wide open: 0644.
> Yeah, that's a problem. Upstream is working on a fix.
>
> >  If this issue is not going to be fixed, mail-notification should be removed
> >  from Fetra Extras.
> No, I don't think that this is so important. It wouldn't change much btw -- most
> people already have installed it and removing it from the repo doesn't help them.

I don't think it's the hugest deal in the world, mostly because the files are
in a home dir; default perms only allow the user access to that part of the
tree. It's exploitable by you getting up and walking away from your computer
and someone coming and sitting down. It requires local access. But yes, it
needs to be fixed.

It shouldn't be too hard to change the perms that are set.


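The permission fix the comments above are asking for, as an added example that is not part of this bug report or of mail-notification's own code: the file is created with mode 0600 at open() time (so it is never world-readable, even momentarily, whatever the umask is), existing files are tightened, and a check reports credential files that still grant read access to group or others. The XML content and file names are constructed placeholders, not the real mailboxes.xml schema.

```python
import os
import stat
import tempfile

# Constructed sample content standing in for mailboxes.xml; the real
# file's schema is not reproduced here, only the file-mode handling.
SAMPLE_XML = (
    '<?xml version="1.0"?>\n'
    '<mailboxes>\n'
    '  <mailbox type="pop3" host="pop.example.invalid"'
    ' username="alice" password="not-a-real-password"/>\n'
    '</mailboxes>\n'
)

def write_private_file(path: str, data: str) -> int:
    """Create (or replace) `path` with mode 0600 regardless of the process
    umask, so a credential file is never exposed. Returns the final mode."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    # The mode passed to os.open() applies only when the file is created;
    # an existing 0644 file keeps its old bits, so tighten them explicitly.
    os.chmod(path, 0o600)
    return stat.S_IMODE(os.stat(path).st_mode)

def world_readable_credential_files(paths) -> list:
    """Return those paths whose mode grants read access to group or
    others, i.e. the 0644 condition reported in this bug."""
    exposed = []
    for p in paths:
        mode = stat.S_IMODE(os.stat(p).st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            exposed.append(p)
    return exposed

def demo() -> tuple:
    """Write the file the buggy way (plain open(), honours umask 022 ->
    0644) and the fixed way; return (buggy_mode, fixed_mode, exposed names)."""
    os.umask(0o022)  # the usual default umask on a Fedora desktop
    with tempfile.TemporaryDirectory() as d:
        buggy = os.path.join(d, "mailboxes-0644.xml")
        with open(buggy, "w") as f:
            f.write(SAMPLE_XML)
        fixed = os.path.join(d, "mailboxes-0600.xml")
        fixed_mode = write_private_file(fixed, SAMPLE_XML)
        buggy_mode = stat.S_IMODE(os.stat(buggy).st_mode)
        exposed = world_readable_credential_files([buggy, fixed])
        return buggy_mode, fixed_mode, [os.path.basename(p) for p in exposed]

if __name__ == "__main__":
    b, f, exposed = demo()
    print(oct(b), oct(f), exposed)  # -> 0o644 0o600 ['mailboxes-0644.xml']
```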
Comment 3 Dennis Gilmore 2006-06-29 03:07:49 UTC
Please look at this.

Comment 4 Ben Liblit 2007-03-05 01:39:09 UTC
mail-notification seems like an excellent place to deploy GNOME Keyring. 
Unfortunately, the main upstream developer feels that "the gnome-keyring
paradigm (passwords are worthy of encryption and everything else is not) is
obviously flawed" and therefore he does not intend to support it:
<http://savannah.nongnu.org/bugs/?18893>.

By the way, Gmail passwords do go into GNOME Keyring.  But that's actually
gnomevfs's doing, not anything that mail-notification is doing.

