
List:       kmail-devel
Subject:    Re: Fwd: possible security problem in kmail 1.6
From:       Ingo Klöcker <kloecker () kde ! org>
Date:       2004-02-15 17:16:56
Message-ID: 200402151817.00673 () erwin ! ingo-kloecker ! de

On Sunday 15 February 2004 16:41, Waldo Bastian wrote:
> George Staikos pointed out that KMail probably never really exits in
> this scenario and that "restarting kmail" most likely just re-uses
> the still running instance thanks to KUniqueApplication.

That's correct. The running instance of KMail doesn't quit until the
pending send has been finished. This means that although no KMail
window is visible anymore, KMail is still sending the message. Any other
behavior like aborting the send would be plain stupid. So if you
"restart" KMail before sending is finished, the still running instance
will be re-activated. Of course, the still running instance still has
all cached passwords in memory.

Regards,
Ingo

> ----------  Forwarded Message  ----------
>
> Subject: possible security problem in kmail 1.6
> Date: Sat February 14 2004 21:36
> From: Lévai Dániel <leva@ecentrum.hu>
> To: security@kde.org
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi!
>
> I have set up kmail to empty my 'deleted mails' folder on exit. First
> I'm starting kmail, and downloading my e-mails (I've entered my
> password at the first downloading, and kmail doesn't ask for it at
> the latter downloadings, this is ok, cause kmail is caching the
> password). I've noticed that kmail doesn't always clean up after
> closing the program.
> If I create a big enough mail (~500KB), and my mail server is very
> slow, and has a high response time, plus it is a stunnelled server,
> so I have to wait for the negotiation too (generally speaking, I have
> to wait ~10-15 seconds to send an e-mail), kmail puts the mail into
> the Outbox folder, and waits for connecting to the mail server. I can
> see the progress bar in the lower-right corner of kmail staying at
> 0%. If I close kmail while this sending progress is at 0%, it doesn't
> do the clean up process (emptying the deleted mails folder etc...),
> and if I start kmail again I can download my emails without providing
> my password :( Kmail doesn't ask for password when downloading
> e-mail. I have to wait until kmail sends my big e-mail via that slow
> smtp server, and after that when I close kmail it does the clean up,
> and "forgets" the password.
> Perhaps kmail didn't clean the password cache, and it stayed in the
> memory. I think kmail must do that clean up even if it is in the
> middle of a mail sending (or anything).
> I can reproduce this bug on my every machine (perhaps because all of
> the machines have to send their mails via that slow smtp server :)
>
> I will gladly help you in testing or anything, but (unfortunately) I
> have no experience in c++ programming, so I can not help you fixing
> this.
>
> Best wishes!
>
> Daniel
>
> - --
> LeVA
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> -----END PGP SIGNATURE-----
>
> -------------------------------------------------------

_______________________________________________
KMail developers mailing list
KMail-devel@kde.org
https://mail.kde.org/mailman/listinfo/kmail-devel
