Re: Security vulnerability in APOP authentication

To: mutt-dev@xxxxxxxx
Subject: Re: Security vulnerability in APOP authentication
From: gaetan.leurent@xxxxxx (Gaëtan LEURENT)
Date: Sat, 17 Mar 2007 15:08:50 +0100 (MET)
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?Subject="Unsubscribe Mutt Dev"?body=unsubscribe>
References: <qlkveh36fm7.fsf@xxxxxxxxxxxxxx>
Sender: owner-mutt-dev@xxxxxxxx

$LD_LIBRARY_PATH and $LD_PRELOAD?  You know, these are global
configuration variable, what's in here should be here for a reason.  It
offers many creative ways of shooting yourself in the foot, but it also
offers many useful way of solving real-life problems.  If you're not
confident in what's in the $PATH, just don't use the computer.  And if
you want a specific $PATH for mutt, that's easy to do with a wrapper
script.  But if every program has it's own idea of the PATH it's a real
nightmare for everybody.
Date: Sat, 17 Mar 2007 15:08:50 +0100
In-Reply-To: <qlkveh36fm7.fsf@xxxxxxxxxxxxxx> (=?iso-8859-1?Q?Ga=EBtan?=
 LEURENT's message of "Wed, 14 Mar 2007 15:53:36 +0100")
Message-ID: <qlk1wjohsi5.fsf@xxxxxxxxxxxxxx>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (usg-unix-v)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable


Ga=EBtan LEURENT wrote on 14 Mar 2007 15:53:36 +0100:

> I found a security vulnerability in the APOP authentication.  It is
> related to recent collision attacks by Wang and al. against MD5.

Does somebody care about this, are you all busy reinventing Unix's
$PATH?

--=20
Ga=EBtan LEURENT

References:
- Security vulnerability in APOP authentication
  - From: Gaëtan LEURENT

Prev by Date: Re: [PATCH] Remove absolute paths from gpg.rc
Next by Date: Re: [PATCH] Add $umask for mailboxes and attachments
Previous by thread: Re: #2846: Security vulnerability in APOP authentication
Next by thread: Re: Security vulnerability in APOP authentication
Index(es):
- Date
- Thread