[Inx] persistant usb inx - saving?
Peter Garrett
inx-one at optusnet.com.au
Wed Jul 29 18:27:52 PDT 2009
On Wed, 29 Jul 2009 19:48:53 +0000
Karl Harris <karlh626 at gmail.com> wrote:
> I am writing this with mutt in inx.
:-)
>
> Now I am on to importing my gpg keyring into inx. I just want to make
> sure that my keyring will not be compromised if it falls into the
> wrong hands.
Actually, there's something that needs changing in the mail config
questions - your point about USB sticks etc. being a danger of
compromise reminded me.
In ~/.muttrc and ~/.msmtprc, the passwords for mail are saved in plain
text - the permissions are "user only", but of course if someone else
booted from a lost USB for example, the passwords would be accessible.
This is a bug - I need to make passwords not saved for the USB case.
Thanks for reminding me.
For those who are concerned about this - you can delete your password
in the files cited - mutt will prompt for passwords on start in any
case: - saving them was just a 'convenience' which seemed OK for CD or
hard drive, but persistence alters that. If you have ~/.muttrc.bak or
~/.msmstprc.bak, delete passwords there too, if you are concerned about
possibly having your USB fall into the wrong hands.
Example:
remove the line "set imap_pass="xxxx" in ~/.muttrc and ~/.muttrc.bak
(if it exists)
remove the line "password xxxxx" in ~/.msmtprc and ~/.msmtprc.bak
(if it exists)
Peter
--
"INX Is Not X" Live CD based on Ubuntu 8.04 : http://inx.maincontent.net
Screenshots slideshow: http://inx.maincontent.net/album/1.png.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.inx.maincontent.net/pipermail/inx-inx.maincontent.net/attachments/20090730/7ff14d84/attachment-0002.pgp>
More information about the Inx
mailing list