Re: mutt/580: mutt stores PGP passphrase insecurely
The following reply was made to PR mutt/580; it has been noted by GNATS.
From: Derek Martin <invalid@xxxxxxxxxxxxxx>
To: bug-any@xxxxxxxxxxxxx, Mutt Developers <mutt-dev@xxxxxxxx>,
96144@xxxxxxxxxxxxxxx
Cc: wk@xxxxxxxxx
Subject: Re: mutt/580: mutt stores PGP passphrase insecurely
Date: Sun, 9 Oct 2005 11:03:25 -0400
On Fri, Oct 07, 2005 at 02:42:51PM +0200, Thomas Roessler wrote:
> On 2005-10-07 04:35:02 +0200, Derek Martin wrote:
>
> > Er, well, come on... just because Mutt *can* use an auxiliary
> > program to handle encryption passphrases securely doesn't mean
> > mutt itself should completely ignore the issue. As shipped,
> > mutt is vulnerable.
>
> > Admittedly this is not a severe issue, but it is a legitimate
> > security concern. I think this really ought to be re-opened.
>
> I disagree, unless someone can actually demonstrate (a) a realistic
> attack model against which mutt is vulnerable, and (b) a defense
> against this attack model that could be implemented.
>
> Hint: Encrypting the pass phrase with a symmetric key that is kept
> in memory is *not* a solution to an attack that is based on reading
> the pass phrase from memory, since the attack is now shifted to the
> equivalently complex reading of the symmetric key from memory.

Well, this is very far from my area of expertise; but we all know
someone for whom this kind of issue is near and dear... Does Werner
have anything to say about this? I could do some research, but I
think it would be better to get input from someone with more
experience. FWIW, how does GPG handle this problem?

I admit, at first glance methods of solving this seem... yucky. For
example, locking memory (so that it does not swap to disk) requires
root privileges on most platforms... making mutt SUID root seems like
a very bad idea. But perhaps mutt could have its own passphrase
agent.

In the end, you have a point; methods of attacking the passphrase in
memory require the ability to either assume the user's privileges, or
assume root privileges. If an attacker can do that, most likely all
bets are off anyway. For example, if a rogue sysadmin were so
inclined, he could install a trojaned mutt which collects private key
passphrases.

Still, I'd like to hear what others with more experience than I have
to say about this issue. I think it would be somewhat reassuring for
users who don't control the system(s) on which they use mutt, and
don't have access to gpg-agent, if some attempt at solving this was
made.

--
Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in
undeliverable mail. Sorry for the inconvenience. Thank the spammers.
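
The memory-locking point raised in the message above, as an added example that is not part of the original message and is not mutt or GnuPG code: a best-effort mlock() of a passphrase buffer that records the failure an unprivileged process may get instead of requiring SUID root, plus a wipe the compiler cannot optimize away. `struct pass_cache` and the `pass_*` functions are hypothetical names.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define PASS_MAX 256

/* Hypothetical holder for a cached passphrase; not a mutt structure. */
struct pass_cache {
    char buf[PASS_MAX];
    size_t len;
    int locked;      /* 1 if mlock() succeeded */
    int lock_errno;  /* errno from mlock() when it failed, else 0 */
};

/* Try to keep the buffer out of swap. Without privileges mlock() may fail
 * (EPERM, or ENOMEM against RLIMIT_MEMLOCK); record that and carry on. */
void pass_init(struct pass_cache *pc) {
    memset(pc, 0, sizeof *pc);
    if (mlock(pc->buf, sizeof pc->buf) == 0) pc->locked = 1;
    else pc->lock_errno = errno;
}

/* Copy a passphrase in; returns 0, or -1 if it does not fit. */
int pass_store(struct pass_cache *pc, const char *s) {
    size_t n = strlen(s);
    if (n >= sizeof pc->buf) return -1;
    memcpy(pc->buf, s, n + 1);
    pc->len = n;
    return 0;
}

/* Overwrite through a volatile pointer so the stores are not removed as
 * dead code, then release the lock if one was held. */
void pass_wipe(struct pass_cache *pc) {
    volatile char *p = pc->buf;
    for (size_t i = 0; i < sizeof pc->buf; i++) p[i] = 0;
    pc->len = 0;
    if (pc->locked) { munlock(pc->buf, sizeof pc->buf); pc->locked = 0; }
}

int main(void) {
    struct pass_cache pc;
    pass_init(&pc);
    pass_store(&pc, "constructed-sample"); /* constructed input */
    printf("locked=%d errno=%d\n", pc.locked, pc.lock_errno);
    pass_wipe(&pc);
    return 0;
}
```

This only addresses swap and stale copies after use; as the thread notes, it does not stop a process running with the user's or root's privileges from reading the buffer while it is live.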