[sf-lug] Yes, Mailman stores and sends the passwords in the clear: Re: Anyone here had any contact with Linu xChix.org?
Ehud Kaldor
ehud.kaldor at gmail.com
Sat Jun 8 22:52:50 PDT 2019
So, what you're saying, Rick, is let's ignore the fact that it is a bad
idea to have clear-text passwords (to which every security person agrees)
because, for this specific case, no one (yet? No one you ever had this
discussion with?) ever came up with an attack vector?
To your point earlier - I'm sure those dwarves at Moria had that
discussion, and someone said "I cannot remember a single time, and I cannot
rationalize in any way, that a Balrog will come at us if we dig here". Is
that what you are saying now?
On Sat, Jun 8, 2019, 11:55 Rick Moen <rick at linuxmafia.com> wrote:
> Quoting Michael Paoli (Michael.Paoli at cal.berkeley.edu):
>
> > GNU Mailman - sure, periodic (e.g. monthly) email to list can
> > generally be a good thing (e.g. list hygiene). But emailing
> > passwords - that's generally a bad thing [...]
>
> Except that there's no credible threat model involved. {sigh}
>
> I wish the Mailman devs would FAQ this already, so people don't keep
> having the same stupid discussion over and over.
>
> 'Storing passwords in plaintext and e-mailing them in plaintext is bad
> because bad things can be done with them.' Fine, go on, what specific
> bad things?
>
> Er,... Long silence from the person who so suggested without bothering
> to think about the threat model. Because even if the chosen-to-be-weak
> (because you didn't ignore the instructions to do so and expect it to be
> periodically mailed back to you, right) password somehow gets either
> cracked from the server's Python 'pickled' stored files or is
> intercepted in transmission across the Internet, the fact is that
> Moriarty the Napoleon of Crime can misuse the stolen password to
> accomplish little more than diddly-squat.
>
> Maliciously unsubscribe the user? Actually, no, not even that, because
> confirmation via three-way handshake is required. Actions not requiring
> confirmation amount to things like toggling on or off 'vacation' mode or
> switching the user between normal and digest reception.
>
> > - it's mostly or entirely a "won't fix" regarding clear text passwords
>
> And above is probably why.
>
> {rolls eyes}
>
> > In any case, sounds like GNU Mailman will *NOT*
> > "fix" this in the 2.x series, but probably will in
> > the 3.x version series.
>
> Which (judging by the betas) is a Second System Effect monstrosity, if I
> ever saw one. So, no thanks, like the rest of the world so far, I'll
> stick with 2.x.
>