SSL/TLS-configuration in KDE 4.3

Sat Sep 5 00:56:29 BST 2009

John posted on Fri, 04 Sep 2009 22:56:02 +0100 as excerpted:

> I'm running kde 3.5.7 release 92.9 and kmail 1.9.6 enterprise suse 64bit
>  Say I right click an email address in from and select add to address
>  book I
> get
> 
> The address book '/home/john/.kde/share/apps............' is locked by
> application ''.
> If you believe this is incorrect, just remove the lock file from
> '/home/john...................
> 
> If I open the address book and select and entry and delete it I get the
> same message and the deleted entry disappears. If I close the address
> book and open it again it's there again. This also leaves me wondering
> why an application can read the files without having obtained a password
> but maybe the kmail start up password explains this.

I don't believe the address book has any specific password protection on 
it.  It's a simple contact database.  So that's why you don't need a 
password to access it.

But you should to actually receive mail (POP3 or IMAP), and to send it if 
your mail provider isn't using POP3-before-SMTP or simple IP based 
authentication as many do.  But kmail normally remembers the passwords 
once it gets them, which it normally does from kwallet.  Whether that can 
be turned off to require authentication each time, I don't know, as I'm 
fine with it remembering them, here.

> The backdoor goes back to a spooky experience on here. I asked how to
> recover email passwords from kmail. I had lost my hard copy of them. The
> thread eventually suggested that I should really use kwallet to protect
> the password files and my address book as they are not secure. Next
> thing my address book and email password files had gone. This is too
> spooky to be a coincidence.

I've not examined the sources, but I'd put that as coincidence here.  I'm 
not saying you're wrong, mind, just saying that's not demonstrable proof, 
and someone would have to be pretty bold to try it with open source -- 
tho you do read occasionally of crack attempts where someone tried 
slipping some illicit code into the repository.  The kernel had one 
awhile back, but caught it.  I'd be more inclined to believe it was due 
to a crash and faulty fsck/journal-replay, tho.

> The install is as per suse and I haven't
> activated anything that could allow this to happen. Also checked for
> root kits etc. On top of this I have wondered if Kevin posts via a proxy
> to protect himself - just on the basis of a question he asked some time
> ago. One thing for sure my email files disappeared at an extra
> ordinarily appropriate time to leave me feeling a more than a little
> paranoid on this subject.  I have also gone through rites and sharing
> etc. No clue there either. My set up also flies through all of the
> grc.com checks. Pity there isn't a site that aims the checks
> specifically at a linux machine.
> 
> These days I take steps to ensure that back tracing my emails to the
> list are highly unlikely to lead to my machine but the mechanism some
> one used must still be there.

Such steps can be wise in any case, if you're not sure about the security 
of your computer as seems to be the case there.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.