Got a question/bug report
I don't know if this has been previously posted, but looking through my files for my mailing lists, I've noticed that each user's password is located in the config.db file in plain text.
While this isn't a tremendous problem right now for me, I can see where this would be a problem for others. Is this on the list of things to do/change?
Sincerely
Brian Friday Systems Administrator La Sierra University Riverside, CA 92515 (909) 785-2554 x2
B. Friday wrote:
Nope.
The password must remain in plain text -- otherwise, it would be impossible to remind people what their password is.
Cheers, -g
-- Greg Stein, http://www.lyra.org/
On Tue, 30 Mar 1999, Greg Stein wrote:
> The password must remain in plain text -- otherwise, it would be impossible to remind people what their password is.
In a related vein, has anyone considered (ye gads, here it comes) PGP and S/MIME support for validation of messages, amongst other things (fully encrypted lists, for example; every submitted message signed/encrypted, then re-encrypted with the list key, and sent to everyone).
Yeah, I know, export regulations, etc., but no one's talking about -writing- it just yet; I'm interested in hearing other ideas people can come up with. ;-)
-- Edward S. Marshall <emarshal@logic.net> [ What goes up, must come down. ] http://www.logic.net/~emarshal/ [ Ask any system administrator. ]
Linux labyrinth 2.2.3-ac4 #2 Sun Mar 21 13:08:37 CST 1999 i586 unknown
8:10pm up 20:57, 4 users, load average: 0.20, 0.11, 0.09
I'm not speaking for the developers here, but I doubt that there's very little that can be done. I suppose that the password could be converted to a different form before it's stored (something like ROT13, for example), but that's just as crackable if you know what you're doing. mailman does need to be able to retrieve the password in its original state to send it out to users (so a function like crypt() wouldn't do).
However... I've noticed in the past that the config.db file for each list is set to be readable by anyone by default. This has to change or else any user can do a `strings config.db` and pull out passwords.
Chris
"CL" == Christopher Lindsey <lindsey@ncsa.uiuc.edu> writes:
CL> However... I've noticed in the past that the config.db file
CL> for each list is set to be readable by anyone by default.
CL> This has to change or else any user can do a `strings
CL> config.db` and pull out passwords.
config.db probably should not be world readable. I've added this to the bugs database.
-Barry
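To make Chris's and Barry's point concrete, here is an added example (not Mailman's own code, and not from any poster in this thread) that walks a lists directory, flags every config.db that is readable by "other", and optionally strips those bits while leaving owner and group access alone. The `<root>/<listname>/config.db` layout, the sample file contents and the list names are assumptions made for the demonstration.

```python
"""Audit list config.db files for world-readable permissions (added example)."""
import os
import stat
import tempfile


def world_readable(path):
    """True if 'other' can read the file: the condition that lets any local
    user run `strings config.db` and harvest the plaintext passwords."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def audit_lists(lists_root, fix=False):
    """Check <lists_root>/<listname>/config.db for each list directory.

    Returns the paths that were world-readable when inspected. With fix=True,
    the 'other' read/write/execute bits are removed from each offender.
    """
    offenders = []
    for name in sorted(os.listdir(lists_root)):
        db = os.path.join(lists_root, name, "config.db")
        if not os.path.isfile(db):
            continue
        if world_readable(db):
            offenders.append(db)
            if fix:
                # Owner and group keep their access (the mailman user and its
                # group need it); everyone else loses theirs.
                mode = os.stat(db).st_mode & ~(stat.S_IRWXO)
                os.chmod(db, mode)
    return offenders


def make_sample_tree():
    """Constructed sample: two lists, one with a world-readable config.db."""
    root = tempfile.mkdtemp(prefix="mm-lists-")
    for name, mode in (("announce", 0o644), ("staff", 0o640)):
        os.makedirs(os.path.join(root, name))
        db = os.path.join(root, name, "config.db")
        with open(db, "wb") as f:
            # Constructed stand-in for the real serialized list data.
            f.write(b"password=example-secret\n")
        os.chmod(db, mode)
    return root


if __name__ == "__main__":
    root = make_sample_tree()
    print("world-readable:", audit_lists(root))
    audit_lists(root, fix=True)
    print("after fix:", audit_lists(root))
```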