Package: nullmailer
Version: 1:1.13-1.2
To reproduce, install nullmailer, add a remote servers using smtp with
user/password via debian configuration.
The stmp server user and password will be stored in
/etc/nullmailer/remotes with mode 600, user mail:mail.
When e-mails are send the smtp helper is called with the credentials in
the command line. Any local user can now see the password using ps, etc:
heinz@.....:~$ ps ax | grep smtp
11252 ? S 0:00 /usr/lib/nullmailer/smtp -d -s --ssl
--user=...@abstracture.de --pass=XXXX smtp.mail.com
11254 pts/0 S+ 0:00 grep smtp
I have replaced the actual password with XXXX in this example.
Expected behaviour is not to show the smtp password in the command line
to any user.
Regards,
Martin Wache
--
Dr. Martin Wache
abstracture GmbH & Co. KG
Im Niedergarten 24 A
55124 Mainz
Fon +49 6131 696 29 0
Fax +49 6131 696 29 29
Mail wa...@abstracture.de
Amtsgericht Mainz HRA 40625
USt-IdNr.: DE258454694
Persönlich haftender Gesellschafter:
abstracture IT-Beratungs- und Beteiligungsgesellschaft mbH, Sitz Mainz,
Amtsgericht Mainz HRB 41357
Geschäftsführer: Dr. U. Koch, T. Meyer, A. Misok, Dr. V. Schönharting
