On 8.4.2013, at 10.00, Heiko Schlichting <doveco...@fu-berlin.de> wrote:

>> Hmm. The AUTH_PASSWORD wasn't really an intentional addition .. but
>> I guess it can stay there. Some 10 years ago that might not have been
>> such a good idea since there were still some systems where process
>> environment variables were readable to all users in the system, but
>> I doubt there exist such systems anymore (at least where people would
>> want to run Dovecot).
>
> Very optimistic assumption. Wouldn't it be safer to remove the password
> from the environment? Anyone using checkpassword should use FD 3 and 4 for
> this purpose. Environment variables and command line arguments are not safe
> to transport passwords.

All the OSes made the environment private 10-15 years ago. I think it's pretty safe to assume that older multiuser systems won't be running Dovecot with checkpassword backend. But .. eh. I guess:

http://hg.dovecot.org/dovecot-2.2/rev/9feb2986945c
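The FD 3 / FD 4 exchange Heiko refers to, as an added example that is not code from this thread or from Dovecot: a Python driver forks a stand-in checkpassword program, hands it the credentials only over FD 3, strips AUTH_PASSWORD from the child's environment, and collects the reply on FD 4. The NUL-separated "user\0password\0timestamp\0" layout, the constructed test user alice/s3cret, the reply field and the exit codes are assumptions.

```python
import os
import sys

# Assumed layout (DJB checkpassword convention, not quoted from the thread):
# the caller writes "user\0password\0timestamp\0" to FD 3 and reads any extra
# fields the checker returns from FD 4. Exit 0 = accepted, 1 = rejected.

def encode_credentials(user: str, password: str, timestamp: str = "") -> bytes:
    """Serialise credentials in the NUL-separated FD 3 layout."""
    if any("\0" in f for f in (user, password, timestamp)):
        raise ValueError("NUL is the field separator; it cannot appear in a field")
    return f"{user}\0{password}\0{timestamp}\0".encode()

def parse_credentials(data: bytes) -> dict:
    """Parse the FD 3 payload; reject a truncated read instead of guessing."""
    parts = data.split(b"\0")
    if len(parts) < 4:          # three fields plus the trailing empty piece
        raise ValueError("truncated checkpassword input")
    return {"user": parts[0].decode(), "password": parts[1].decode(),
            "timestamp": parts[2].decode()}

# Stand-in checkpassword program (constructed user alice/s3cret). The password
# arrives only on FD 3; it is never in argv and must not be in the environment.
CHECKER = r'''
import os, sys
buf = b""
while chunk := os.read(3, 4096):
    buf += chunk
fields = buf.split(b"\0")
if len(fields) < 4:
    sys.exit(2)                       # malformed input
leaked = "AUTH_PASSWORD" in os.environ
if (fields[0], fields[1]) == (b"alice", b"s3cret") and not leaked:
    os.write(4, b"userdb_home=/home/alice\0")
    sys.exit(0)
sys.exit(1)
'''

def run_checkpassword(user: str, password: str) -> tuple:
    """Drive CHECKER over FD 3/4 pipes; return (exit status, reply bytes)."""
    in_r, in_w = os.pipe()            # parent -> child: credentials
    out_r, out_w = os.pipe()          # child -> parent: extra fields
    pid = os.fork()
    if pid == 0:
        r, w = os.dup(in_r), os.dup(out_w)   # park copies clear of 3 and 4
        for fd in (in_r, in_w, out_r, out_w):
            os.close(fd)
        os.dup2(r, 3); os.dup2(w, 4); os.close(r); os.close(w)
        env = {k: v for k, v in os.environ.items() if k != "AUTH_PASSWORD"}
        os.execve(sys.executable, [sys.executable, "-c", CHECKER], env)
    os.close(in_r); os.close(out_w)
    os.write(in_w, encode_credentials(user, password)); os.close(in_w)
    reply = b""
    while chunk := os.read(out_r, 4096):
        reply += chunk
    os.close(out_r)
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status), reply
```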
>> Hmm. The AUTH_PASSWORD wasn't really an intentional addition .. but >> I guess it can stay there. Some 10 years ago that might not have been >> such a good idea since there were still some systems where process >> environment variables were readable to all users in the system, but >> I doubt there exist such systems anymore (at least where people would >> want to run Dovecot). > > Very optimistic assumption. Wouldn't it be safer to remove the password > from the environment? Anyone using checkpassword should use FD 3 and 4 for > this purpose. Environment variables and command line arguments are not safe > to transport passwords. All the OSes made the environment private 10-15 years ago. I think it's pretty safe to assume that older multiuser systems won't be running Dovecot with checkpassword backend. But .. eh. I guess: http://hg.dovecot.org/dovecot-2.2/rev/9feb2986945c