
List:       kmail-devel
Subject:    Fwd: possible security problem in kmail 1.6
From:       Waldo Bastian <bastian () kde ! org>
Date:       2004-02-15 15:41:43
Message-ID: 200402151641.43582.bastian () kde ! org

FYI

George Staikos pointed out that KMail probably never really exits in this 
scenario and that "restarting kmail" most likely just re-uses the still 
running instance thanks to KUniqueApplication.

----------  Forwarded Message  ----------

Subject: possible security problem in kmail 1.6
Date: Sat February 14 2004 21:36
From: Lévai Dániel <leva@ecentrum.hu>
To: security@kde.org

Hi!

I have set up kmail to empty my 'deleted mails' folder on exit. First
I'm starting kmail, and downloading my e-mails (I've entered my
password at the first downloading, and kmail doesn't ask for it at the
latter downloadings, this is ok, cause kmail is caching the password).
I've noticed that kmail doesn't always clean up after closing the
program.
If I create a big enough mail (~500KB), and my mail server is very slow,
and has a high response time, plus it is a stunnelled server, so I
have to wait for the negotiation too (generally speaking, I have to
wait ~10-15 seconds to send an e-mail), kmail puts the mail into the
Outbox folder, and waits for connecting to the mail server. I can see
the progress bar in the lower-right corner of kmail staying at 0%. If I
close kmail while this sending progress is at 0%, it doesn't do the
clean up process (emptying the deleted mails folder etc...), and if I
start kmail again I can download my emails without providing my
password :( Kmail doesn't ask for password when downloading e-mail. I
have to wait until kmail sends my big e-mail via that slow smtp server,
and after that when I close kmail it does the clean up, and "forgets"
the password.
Perhaps kmail didn't clean the password cache, and it stayed in the
memory. I think kmail must do that clean up even if it is in the middle
of a mail sending (or anything).
I can reproduce this bug on every one of my machines (perhaps because all of the
machines have to send their mails via that slow smtp server :)

I will gladly help you in testing or anything, but (unfortunately) I
have no experience in c++ programming, so I can not help you fixing
this.

Best wishes!

Daniel

-- 
LeVA

-------------------------------------------------------

-- 
bastian@kde.org -=|[ SUSE, The Linux Desktop Experts ]|=- bastian@suse.com

_______________________________________________
KMail developers mailing list
KMail-devel@kde.org
https://mail.kde.org/mailman/listinfo/kmail-devel

