Re: Security vulnerability in APOP authentication

To: mutt-dev@xxxxxxxx
Subject: Re: Security vulnerability in APOP authentication
From: gaetan.leurent@xxxxxx (Gaëtan LEURENT)
Date: Sat, 17 Mar 2007 15:08:50 +0100
In-reply-to: <qlkveh36fm7.fsf@xxxxxxxxxxxxxx> (Gaëtan LEURENT's message of "Wed, 14 Mar 2007 15:53:36 +0100")
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?Subject="Unsubscribe Mutt Dev"?body=unsubscribe>
References: <qlkveh36fm7.fsf@xxxxxxxxxxxxxx>
Sender: owner-mutt-dev@xxxxxxxx
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (usg-unix-v)

Gaëtan LEURENT wrote on 14 Mar 2007 15:53:36 +0100:

> I found a security vulnerability in the APOP authentication.  It is
> related to recent collision attacks by Wang and al. against MD5.

Does somebody care about this, are you all busy reinventing Unix's
$PATH?

By the way, what's the next step?  Messing around $LD_LIBRARY_PATH and
$LD_PRELOAD?  You know, these are global configuration variable, what's
in here should be here for a reason.  It offers many creative ways of
shooting yourself in the foot, but it also offers many useful way of
solving real-life problems.  If you're not confident in what's in the
$PATH, just don't use the computer.  And if you want a specific $PATH
for mutt, that's easy to do with a wrapper script.  But if every program
has it's own idea of the PATH it's a real nightmare for everybody.

[Sorry for the first broken version of this message]

-- 
Gaëtan LEURENT

References:
- Security vulnerability in APOP authentication
  - From: Gaëtan LEURENT

Prev by Date: Re: [PATCH] Add $umask for mailboxes and attachments
Next by Date: Re: [PATCH] Add $umask for mailboxes and attachments
Previous by thread: Re: Security vulnerability in APOP authentication
Next by thread: [PATCH] Document pattern groups in the manual
Index(es):
- Date
- Thread