Bug 286703: Password found in core file
Status: RESOLVED DUPLICATE of bug 298539
Opened 20 years ago, closed 19 years ago
Categories: Thunderbird :: Security, defect
Tracking: Not tracked
People: Reporter: a_rvind_j, Assigned: dveditz
Details: Keywords: privacy
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20041202 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20041202 Firefox/1.0

The core file generated by Thunderbird contains the password in clear text.

Reproducible: Always

Steps to Reproduce:
1. Really doesn't matter what causes the core dump
2.
3.

Actual Results:
Search the core file for the password and it can be found.

Expected Results:
I understand that the app needs to remember the password to present to the mail server for periodic fetches. That still does not justify holding the password in cleartext for the entire duration of the session. Here's how I think it could be done better.

1) When Thunderbird installs for the first time, let it generate a random token and save it with the preferences on the disk.
2) The actual executable can load the encrypted key at the start of each instance. When it wishes to present the credentials to the server, let it read the key from the disk, present the clear text password and immediately do a bzero/memset of the variables holding the password and the key retrieved from the disk. Note that merely assigning a new value in the case of a string class may not do the trick. It is very essential to clear the memory location holding the password, not just free it.

This way, the duration for which the cleartext password is held in memory is greatly reduced and most core dumps won't have the problem.

The concerns are:
* the core file is readable by other users of the machine
* users may send their core file to others for debugging without realizing that they are sharing their password
Comment 1•19 years ago
Why is the core file visible to other users of the machine? That sounds like a serious security hole in Linux or your configuration that could be exploited to do all kinds of things, not just read Thunderbird passwords. This bug would be very hard to fix, because the password probably appears in variables and buffers, and wouldn't have much benefit. Fixing this bug would also hurt performance. See also bug 298539.
Comment 2•19 years ago
I wrote a C++ program designed to crash (cout << (char*)2;) and let it crash on gradlab.ucsd.edu. The core file created had the following permissions:

-rw------- 1 jruderma grad 104992 Jul 28 12:11 core

If your core files can be accessed by someone who wouldn't be able to access the program's memory directly, your operating system (FreeBSD) or configuration has a serious security hole.

*** This bug has been marked as a duplicate of 298539 ***
Group: security
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:fix]
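
The two mitigations discussed in this bug, wiping the password buffer right after use and keeping a crash from producing a core file at all, shown as an added example in C; this is not Thunderbird code or code from any commenter. The names secure_wipe, disable_core_dumps, send_credential and login_and_wipe are hypothetical, and the password is a constructed sample.

```c
#include <stddef.h>
#include <string.h>
#include <sys/resource.h>

/* Zero a buffer through a volatile pointer. A plain memset() on a buffer
   that is never read again may be removed by the optimizer as a dead store;
   volatile stores are a widely used way to keep the wipe in the binary. */
static void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

/* Set the soft and hard core-size limits to 0 so a crash of this process
   writes no core file. Returns 0 on success, -1 on failure. */
static int disable_core_dumps(void) {
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Hypothetical stand-in for presenting the credential to the mail server. */
static size_t send_credential(const char *pw) { return strlen(pw); }

/* Hold the cleartext only for the duration of one login, then wipe it.
   Returns the number of non-zero bytes left in the buffer (0 expected).
   In a real client the caller's copy of the secret needs the same care. */
static size_t login_and_wipe(const char *secret, size_t *sent) {
    char pw[64];
    size_t i, left = 0;
    strncpy(pw, secret, sizeof pw - 1);   /* bounded copy, zero-padded */
    pw[sizeof pw - 1] = '\0';
    *sent = send_credential(pw);
    secure_wipe(pw, sizeof pw);           /* clear, not just release */
    for (i = 0; i < sizeof pw; i++) left += (pw[i] != 0);
    return left;
}

int main(void) {
    size_t sent = 0;
    if (disable_core_dumps() != 0) return 1;
    /* constructed sample value, not a real credential */
    return login_and_wipe("constructed-sample-password", &sent) == 0 ? 0 : 1;
}
```

Wiping one buffer does not cover copies made elsewhere (string objects, I/O buffers), which is the difficulty Comment 1 raises.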