Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-31 Thread Louis-David Mitterrand
On Mon, Jul 28, 2008 at 05:12:50PM +0100, Michele Martone wrote: Hello. I was wondering about some way to protect the passwords potentially stored in the mutt rc files (I have multiple accounts, and I feel uncomfortable remembering and typing all of them each time using mutt) on my Linux

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-31 Thread Derek Martin
On Wed, Jul 30, 2008 at 11:39:58PM +0100, Michele Martone wrote: So there I see no legitimate way of breaking mutt's environment via source or exec mutt keywords. We're not talking about breaking anything. We're talking about someone getting your passphrases to your encryption keys by reading

[EMAIL PROTECTED]: Re: mutt and plaintext passwords : muttrc encryption ?]

2008-07-30 Thread Michele Martone
Hi, for some reason, this message I sent to the mutt-users@mutt.org list gets filtered out! Maybe you could forward this message on behalf of me or just read it. I appreciated your help, and I hope to contribute in the future. michele ---BeginMessage--- Unfortunately, the msmtp configuration

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-30 Thread Michele Martone
As far as I know (and `man environ`, `man popen`) is that : - the environment can be only changed internally, via putenv(), setenv() POSIX calls. - the mutt backtick-based commands, like | terminated 'source's does not perform any of the 'execve,execl,...' functions nor 'fork', but

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-29 Thread Nicolas Rachinsky
* Kyle Wheeler [EMAIL PROTECTED] [2008-07-28 16:52 -0500]: On Monday, July 28 at 09:29 PM, quoth Michael Kjorling: Something like this: source gpg -d sensitivestuff.gpg | No. That can't work (but we can salvage this idea). First, let me explain why it can't work. Think about it:

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-29 Thread Michele Martone
Unfortunately, the msmtp configuration part didn't go so well as I wished it to go. msmtp from version 1.4.15 has stdin password reading disabled, or at least 'deprecated'; from the ChangeLog: - Do not let getpass() read from stdin, because we read the mail from there. In fact, the password

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-29 Thread Kyle Wheeler
On Tuesday, July 29 at 08:40 AM, quoth Nicolas Rachinsky: For source, the ending pipe means: If the filename ends with a vertical bar (|), then filename is considered to be an executable program from which to read input (eg. source

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-29 Thread David Champion
:source echo set my_var | All I get is the error message: source: errors in echo set my_var | :set my_var yields my_var: unknown variable too. Try, for example, :source echo set ?index_format | I was going to suggest this approach as well, although I'd have proposed

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-29 Thread Michael Kjorling
On 29 Jul 2008 14:14 -0500, by [EMAIL PROTECTED] (David Champion): I was going to suggest this approach as well, although I'd have proposed openssl enc instead of gpg, I guess. Not much call for an asymmetric cipher here, especially as the point is to store secret data on a Off topic, but

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-29 Thread Kyle Wheeler
On Tuesday, July 29 at 02:14 PM, quoth David Champion: :set my_var yields my_var: unknown variable too. Try, for example, :source echo set ?index_format | bonk! Wow, duh, my_* variables have to be set *to* something. I'm kind of

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-29 Thread Derek Martin
On Mon, Jul 28, 2008 at 10:54:40PM -0500, Kyle Wheeler wrote: On Monday, July 28 at 07:56 PM, quoth Derek Martin: On Mon, Jul 28, 2008 at 12:58:00PM -0500, Kyle Wheeler wrote: Nothing will be stored in plaintext on disk, your encryption is guaranteed to be world-class, and best of all: it

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-29 Thread Michael Kjorling
On 29 Jul 2008 18:14 -0400, by [EMAIL PROTECTED] (Derek Martin): The risk here is tiny, but non-zero. Someone would have to be able to gain root privileges to read the raw swap device to get your That's where (on Linux, at least) encrypted swap partitions come in handy. You can set it up to

mutt and plaintext passwords : muttrc encryption ?

2008-07-28 Thread Michele Martone
Hello. I was wondering about some way to protect the passwords potentially stored in the mutt rc files (I have multiple accounts, and I feel uncomfortable remembering and typing all of them each time using mutt) on my Linux laptop. My main concern is about them being stored in plaintext, which

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-28 Thread Justin Mazzola Paluska
On Mon, Jul 28, 2008 at 05:12:50PM +0100, Michele Martone wrote: Has anybody thought or heard of a solution like this, or similar ? I have two solutions that I’m using (on two different machines): 1. On my work GNOME machine, I have some python scripts that query the GNOME Keyring for my

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-28 Thread Kyle Wheeler
On Monday, July 28 at 05:12 PM, quoth Michele Martone: I was wondering about some way to protect the passwords potentially stored in the mutt rc files (I have multiple accounts, and I feel uncomfortable remembering and typing all of them each

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-28 Thread Michele Martone
On [EMAIL PROTECTED]:35, Justin Mazzola Paluska wrote: ... 2. On my home machine, I use GPG to decrypt the password part of the muttrc. uhm. could you give some examples for this solution ? it seems to require no external workarounds at all, so it seems neat! i experimented with `gpg

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-28 Thread Michele Martone
this seems almost perfect to me. marvelous, elegant, general, thanks ! (so i do not dare to quote a piece of your email ..) and is immensely less overkill than the solution I proposed. still I can't stand the need of a wrapper.. if only one could use multi line shell expansion, and place that

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-28 Thread Michele Martone
ehm. one more thing. how would you deal with the MTA with the wrapper-based solution ? i know only of : using nbsmtp, in a dangerous way: set sendmail=nbsmtp -P password ... using ssmtp , in a dangerous way: set sendmail=ssmtp -ap password ... or using msmtp with 'password'

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-28 Thread Kyle Wheeler
On Monday, July 28 at 09:53 PM, quoth Michele Martone: this seems almost perfect to me. marvelous, elegant, general, thanks ! (so i do not dare to quote a piece of your email ..) Happy to help! still I can't stand the need of a wrapper.. if only

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-28 Thread Michael Kjorling
On 28 Jul 2008 21:53 +0100, by [EMAIL PROTECTED] (Michele Martone): still I can't stand the need of a wrapper.. if only one could use multi line shell expansion, and place that `gpg --decrypt` straight into the muttrc. I haven't tried it, but I can't get it out of my head... wouldn't sourcing

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-28 Thread Kyle Wheeler
On Monday, July 28 at 10:13 PM, quoth Michele Martone: ehm. one more thing. how would you deal with the MTA with the wrapper-based solution ? Personally? I'd compile mutt with smtp support and be done with it. i know only of : using nbsmtp, in a

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-28 Thread Michele Martone
`figlet yes, this is THE solution, working. perfect.` thank you guys, now I'll learn to use mutt with smtp features (hope tls/ssl is in) and I'll drop some line if Kyle won't do this already :) On [EMAIL PROTECTED]:29, Michael Kjorling wrote: On 28 Jul 2008 21:53 +0100, by [EMAIL PROTECTED]

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-28 Thread Kyle Wheeler
On Monday, July 28 at 09:29 PM, quoth Michael Kjorling: I haven't tried it, but I can't get it out of my head... wouldn't sourcing through a pipe something that sets the sensitive stuff work? Something like this: source gpg -d

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-28 Thread Derek Martin
On Mon, Jul 28, 2008 at 12:58:00PM -0500, Kyle Wheeler wrote: Thus, you will be prompted once for a passphrase when mutt loads, and after that mutt will use those passwords as it needs them without additional overhead. ...unless bash swaps its environment out... ;-) -- Derek D. Martin

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-28 Thread Derek Martin
Man, was my last message mis-quoted! What I meant was this: On Mon, Jul 28, 2008 at 12:58:00PM -0500, Kyle Wheeler wrote: Nothing will be stored in plaintext on disk, your encryption is guaranteed to be world-class, and best of all: it will work on virtually any Unix machine. ...unless bash

Re: mutt and plaintext passwords : muttrc encryption ?

2008-07-28 Thread Kyle Wheeler
On Monday, July 28 at 07:56 PM, quoth Derek Martin: On Mon, Jul 28, 2008 at 12:58:00PM -0500, Kyle Wheeler wrote: Nothing will be stored in plaintext on disk, your encryption is guaranteed to be world-class, and best of all: it will work on