[PATCH] Re: Security issue / bad UI design in mutt CVS (encryption options)
* Thomas Glanzmann [Fri, 06 Aug 2004 20:20:36 +0200]:
> Hello together,
> TLR, please apply the patch. I think the voices are right and it is a
> concern for some time now.
one moment, I just thought that the "sign (a)s" would need some
discussion. in my patch, "both" + "sign as" yiend and unencrypted
message. perhaps one would let that part untouched... (done in the
patch attached this time).
> Adeodato,
> do you have also a patch for the smime stuff? Mutt should have it
> consistent, I think.
this one is even more trivial, or perhaps I'm missing something.
we'll see...
--
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
I try to keep an open mind, but not so open that my brains fall out.
--- mutt-1.5.6/pgp.c 2004-08-06 20:04:37.000000000 +0200
+++ mutt-1.5.6/pgp.c 2004-08-06 20:07:19.000000000 +0200
@@ -1476,11 +1476,11 @@
_("esabif")))
{
case 1: /* (e)ncrypt */
- msg->security ^= ENCRYPT;
+ msg->security = (ENCRYPT | msg->security & INLINE);
break;
case 2: /* (s)ign */
- msg->security ^= SIGN;
+ msg->security = (SIGN | msg->security & INLINE);
break;
case 3: /* sign (a)s */
@@ -1506,10 +1506,7 @@
break;
case 4: /* (b)oth */
- if ((msg->security & (ENCRYPT | SIGN)) == (ENCRYPT | SIGN))
- msg->security = 0;
- else
- msg->security |= (ENCRYPT | SIGN);
+ msg->security = (ENCRYPT | SIGN | msg->security & INLINE);
break;
case 5: /* (i)nline */
--- mutt-1.5.6/smime.c 2004-08-06 20:04:37.000000000 +0200
+++ mutt-1.5.6/smime.c 2004-08-06 20:31:00.000000000 +0200
@@ -1944,7 +1944,7 @@
_("eswabf")))
{
case 1: /* (e)ncrypt */
- msg->security ^= ENCRYPT;
+ msg->security |= ENCRYPT;
break;
case 3: /* encrypt (w)ith */
@@ -1977,7 +1977,7 @@
if(!SmimeDefaultKey)
mutt_message("Can\'t sign: No key specified. use sign(as).");
else
- msg->security ^= SIGN;
+ msg->security |= SIGN;
break;
case 4: /* sign (a)s */