Re: How to Configure Qmail on Fedora Core 1 Server


 



On or about 2004-07-27 20:48, Jeff Vian whipped out a trusty #2 pencil and scribbled:

On Tue, 2004-07-27 at 13:54, Craig White wrote:


On Tue, 2004-07-27 at 11:15, Fritz Whittington wrote:


*Mail read with Mozilla on a Windows machine from a POP3 server doesn't have root's privileges either!*
(And yes, you can do anything in vi that you might want to do in emacs, so let's just ship *one* editor with the system and force everyone to do it *that* way, just because! OK with you? I thought not.) Of course, I guess I could set up the foo alias and then read foo's mail with Mozilla on a Windows machine from a POP3 server. Can you prove that to be even a tiny bit more secure?


---



MUCH more secure, since the user foo would not have root privileges. If that account is cracked they still are restricted on privileges. If the root account is cracked all bets are off.

Pop3 and imap protocols pass user name and password in plain text when
logging in.

The issue is not the privileges of the mail client but the security of
the accounts when using plain text to log in and the possible privileges
when logging in to those accounts if someone gains access by obtaining
the password.




That isn't the point though. If root can retrieve email from his account
- be it local or remote is the issue. You are differentiating a system
that doesn't differentiate. Restricting root's access locally would
require something like hosts.allow/deny or iptables, both of which are
beyond the safeguards of dovecot or whichever pop/imap daemon you
employ.

Proving that accessing mail from account foo or account root via POP3
remotely is inherently more secure is not relevant.




The security issue with reading mail as root via pop3 or imap is the password. With these clients the password/username is passed in plain text and for security that is not acceptable as root.



Not true for the pop3s and imaps versions.

Sniffers to read plain text from the network are common.


Perhaps you have not read all the previous postings carefully. A sniffer that could read anything off of the 2-foot long patch cords that connect my Linux and Windows boxes to the LAN switch would be uncommon indeed. Anyone who could install such a thing could much more easily re-boot my Linux in single-user mode and do whatever he wished, since he would have to break into my house to do either of those.

It's not that I don't believe in taking security measures, but that they should be appropriate to the circumstances. I don't run to the bank every night to put my Bic ball-point pens in the safety-deposit box until the next morning.


--
Fritz Whittington
Let the fear of danger be a spur to prevent it; he that fears not, gives advantage to the danger. (Francis Quarles)

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
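
An added example, not part of the original thread: the distinction the posts draw between plain POP3/IMAP logins and the pop3s/imaps variants, written as a check over client command traces. The session traces, account names and passwords are constructed, and the check assumes the server accepted any STLS/STARTTLS request.

```python
# Constructed traces: (session id, server port, client commands in order).
SAMPLE_SESSIONS = [
    ("s1", 110, ["USER root", "PASS constructed-pw"]),
    ("s2", 995, ["USER root", "PASS constructed-pw"]),
    ("s3", 110, ["CAPA", "STLS", "USER foo", "PASS constructed-pw"]),
    ("s4", 143, ["a1 LOGIN foo constructed-pw"]),
    ("s5", 143, ["a1 STARTTLS", "a2 LOGIN foo constructed-pw"]),
    ("s6", 993, ["a1 LOGIN root constructed-pw"]),
]

IMPLICIT_TLS_PORTS = {995, 993}   # pop3s / imaps: TLS is up before any command
IMAP_PORTS = {143, 993}           # IMAP commands carry a leading tag
UPGRADE_VERBS = {"STLS", "STARTTLS"}


def exposed_logins(sessions):
    """Return (session id, user) for each login sent before the channel was encrypted."""
    findings = []
    for sid, port, commands in sessions:
        encrypted = port in IMPLICIT_TLS_PORTS
        user = None
        for line in commands:
            words = line.split()
            if port in IMAP_PORTS:
                words = words[1:]          # drop the IMAP tag ("a1")
            if not words:
                continue
            verb = words[0].upper()
            if verb in UPGRADE_VERBS:
                encrypted = True           # assumption: the server answered OK
            elif verb == "USER" and len(words) > 1:
                user = words[1]
            elif verb == "PASS" and not encrypted:
                findings.append((sid, user))
            elif verb == "LOGIN" and len(words) > 2 and not encrypted:
                findings.append((sid, words[1]))
    return findings


if __name__ == "__main__":
    for sid, user in exposed_logins(SAMPLE_SESSIONS):
        print(f"{sid}: password for {user!r} crossed the wire in cleartext")
```

Only the port 110 and 143 sessions that log in without first upgrading are reported; the same credentials over 995/993 or after STLS/STARTTLS are not.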

