[Alpine-info] Alpine .pine-passfile
hubert at washington.edu
Thu Sep 25 10:38:47 PDT 2008
Yes, root can find the passwords in your running program by using gdb or
something similar. But root can do lots of other nasty things, too. If you
don't trust root you shouldn't ever type passwords when logged into that
On Thu, 25 Sep 2008, damion.yates at gmail.com wrote:
>> Steve, could you tell me (or to other people too), how secure are mail
>> account passwords stored in memory, and how secure is the KBlock
>> password stored?
>> Is it possible, that someone (at least root) can read account
>> passwords from memory?
>> Is it possible, that someone (at least root) can find the KBlock
>> password for alpine in memory, attach screen and unlock my running
>> alpine and read my emails?
> I too was recently quite worried that somebody might root my box and
> gdb -p <processID_of_alpine>
> ...then work some voodoo and pull the plain text password from ram.
> I've not managed to find the right voodoo myself on this (I obviously
> have root), and just put my worries aside and constantly keep my box
> patched or upgraded. But I'm still curious how easy this is.
More information about the Alpine-info