Maciej Delmanowski <dryb...@drybjed.net> writes:

> Package: nullmailer
> Version: 1:1.13-1
> Severity: grave
>
> The nullmailer package keeps sensitive information like users and passwords to
> the mail accounts on the remote SMTP servers in the '/etc/nullmailer/remotes'
> file, which is secured by 600 permissions and owned by mail:mail. However,
> after running command:
>
> dpkg-reconfigure -f noninteractive nullmailer
>
> contents of this file are stored in the debconf database as cleartext in the
> 'nullmailer/relayhost' database key and can be read by any user using the
> command:
>
> debconf-get-selections | grep nullmailer
>
> The 'dpkg-reconfigure' command cannot be executed directly by unprivileged
> users. However, the debconf database reads the contents of the
> '/etc/nullmailer/remotes' file and includes its contents in the database on
> package installation.
>
> This behaviour occurs again on package reinstallation - the debconf database
> is automatically updated with the contents of the '/etc/nullmailer/remotes'
> file. Therefore the sensitive information might show up in the
> 'debconf-get-selections' output after an automatic package upgrade or package
> reinstallation.
Unfortunately I can confirm the above statement about debconf-get-selections. I'm probably one of the few that doesn't have any password info in /etc/nullmailer/remotes (I use some bespoke ssh auth thing), but I can see how it's a problem in general.

d
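A defender-side check for the exposure described in the report, added here as an example and not part of the bug thread: it scans `debconf-get-selections` style output for a `nullmailer/relayhost` value that carries a `--pass=` option (nullmailer's remotes syntax), which is what an unprivileged user would see if the remotes file contents had been copied into the debconf database. The sample selections text is constructed, and the hostnames in it are placeholders.

```shell
#!/bin/sh
# Added example (not from the bug report): detect credentials from
# /etc/nullmailer/remotes that have leaked into the debconf database.
# debconf-get-selections prints one line per key:
#   <owner> <key> <type> <value>
# A remotes entry looks like:
#   host smtp --port=587 --auth-login --user=NAME --pass=SECRET
# so a relayhost value containing "--pass=" means a password is readable
# by any local user.

# Reads selections text on stdin; returns 0 when a password is exposed,
# 1 when the relayhost value is clean or absent.
relayhost_leaks_password() {
    awk '$2 == "nullmailer/relayhost" && $0 ~ /--pass=/ { found = 1 }
         END { exit found ? 0 : 1 }'
}

# Same check against the live debconf database (needs the debconf tools).
check_live_system() {
    debconf-get-selections 2>/dev/null | relayhost_leaks_password
}

# Constructed sample: the first has a password in the relayhost value,
# the second only a plain relay with no credentials.
SAMPLE_LEAK='nullmailer	nullmailer/relayhost	string	smtp.example.invalid smtp --port=587 --auth-login --user=alice --pass=hunter2
nullmailer	nullmailer/defaultdomain	string	example.invalid'

SAMPLE_CLEAN='nullmailer	nullmailer/relayhost	string	relay.example.invalid smtp --port=25
nullmailer	nullmailer/defaultdomain	string	example.invalid'

if printf '%s\n' "$SAMPLE_LEAK" | relayhost_leaks_password; then
    echo "leak sample: password exposed in nullmailer/relayhost"
fi
if ! printf '%s\n' "$SAMPLE_CLEAN" | relayhost_leaks_password; then
    echo "clean sample: no password in nullmailer/relayhost"
fi
```

Run `check_live_system` as an unprivileged user on an affected host; a zero exit status reproduces the exposure the report describes.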