[Alpine-info] Seeking someone who..?
Andrew C Aitchison
andrew at aitchison.me.uk
Fri Dec 1 23:13:05 PST 2023
On Fri, 1 Dec 2023, jason-alpine-info at shalott.net wrote:
>> I will say one thing about the method Carlos posted to
>> remove the password file. I was aware of this, and I have
>> seen posts like this in the past. Alpine has the ability
>> to remove this password too, and I have posted in the past
>> how to do this. This means, there are two ways to remove
>> the password from the encryption key, and I will modify
>> Alpine to force everyone to have a password in the
>> encryption key.
>
> Can I ask what the specific threat model is that this step
> is meant to combat?
If I understand correctly, the threat is that a rogue
web script can upload the password file and decrypt it at
leisure.
> An attacker with local root doesn't need to care about any
> disk encryption; he can read your decrypted master key and
> the plaintext of your IMAP passwords directly from memory.
> And of course a local attacker who doesn't have root can be
> guarded against simply with filesystem permissions.
For a remote attacker that has gained shell-level access to
the user account, uploading a file is easier than finding
the password in the memory of a running process
- and that only works if alpine is currently running.
--
Andrew C. Aitchison Kendal, UK
andrew at aitchison.me.uk