[Alpine-info] Alpine .pine-passfile

[Steve Hubert]

Yes, root can find the passwords in your running program by using gdb or 
something similar. But root can do lots of other nasty things, too. If you 
don't trust root you shouldn't ever type passwords when logged into that 
computer.

Steve

On Thu, 25 Sep 2008, damion.yates at gmail.com wrote:


>> Steve, could you tell me (or to other people too), how secure are mail

>> account passwords stored in memory, and how secure is the KBlock

>> password stored?

>>

>> Is it possible, that someone (at least root) can read account

>> passwords from memory?

>>

>> Is it possible, that someone (at least root) can find the KBlock

>> password for alpine in memory, attach screen and unlock my running

>> alpine and read my emails?

>

> I too was recently quite worried that somebody might root my box and

> gdb -p <processID_of_alpine>

> ...then work some voodoo and pull the plain text password from ram.

>

> I've not managed to find the right voodoo myself on this (I obviously

> have root), and just put my worries aside and constantly keep my box

> patched or upgraded.  But I'm still curious how easy this is.

>

> Thanks,

>

> Damion