<<< Date Index >>>     <<< Thread Index >>>

Re: mutt/580: mutt stores PGP passphrase insecurely



The following reply was made to PR mutt/580; it has been noted by GNATS.

From: Derek Martin <invalid@xxxxxxxxxxxxxx>
To: bug-any@xxxxxxxxxxxxx, Mutt Developers <mutt-dev@xxxxxxxx>,
   96144@xxxxxxxxxxxxxxx
Cc: wk@xxxxxxxxx
Subject: Re: mutt/580: mutt stores PGP passphrase insecurely
Date: Sun, 9 Oct 2005 11:03:25 -0400

 --oyUTqETQ0mS9luUI
 Content-Type: text/plain; charset=iso-8859-1
 Content-Disposition: inline
 
 On Fri, Oct 07, 2005 at 02:42:51PM +0200, Thomas Roessler wrote:
 > On 2005-10-07 04:35:02 +0200, Derek Martin wrote:
 > 
 > >  Er, well, come on...  just because Mutt *can* use an auxiliary
 > >  program to handle encryption passphrases securely doesn't mean
 > >  mutt itself should completely ignore the issue.  As shipped,
 > >  mutt is vulnerable.
 > 
 > >  Admittedly this is not a severe issue, but it is a legitimate
 > >  security concern.  I think this really ought to be re-opened.
 > 
 > I disagree, unless someone can actually demonstrate (a) a realistic
 > attack model against which mutt is vulnerable, and (b) a defense
 > against this attack model that could be implemented.
 > 
 > Hint: Encrypting the pass phrase with a symmetric key that is kept
 > in memory is *not* a solution to an attack that is based on reading
 > the pass phrase from memory, since the attack is now shifted to the
 > equivalently complex reading of the symmetric key from memory.
 
 Well, this is very far from my area of expertise; but we all know
 someone for whom this kind of issue is near and dear...  Does Werner
 have anything to say about this?  I could do some research, but I
 think it would be better to get input from someone with more
 experience.  FWIW, how does GPG handle this problem?
 
 I admit, at first glance methods of solving this seem... yucky.  For
 example, locking memory (so that it does not swap to disk) requires
 root privileges on most platforms... making mutt SUID root seems like
 a very bad idea.  But perhaps mutt could have its own passphrase
 agent.
 
 In the end, you have a point; methods of attacking the passphrase in
 memory require the ability to either assume the user's privileges, or
 assume root privileges.  If an attacker can do that, most likely all
 bets are off anyway.  For example, if a rogue sysadmin were so
 inclined, he could install a trojaned mutt which collects private key
 passphrases.
 
 Still, I'd like to hear what others with more experience than I have
 to say about this issue.  I think it would be somewhat reassuring for
 users who don't control the system(s) on which they use mutt, and
 don't have access to gpgagent, if some attempt at solving this was
 made.
 
 -- 
 Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
 -=-=-=-=-
 This message is posted from an invalid address.  Replying to it will result in
 undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.
 
 
 --oyUTqETQ0mS9luUI
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.2.1 (GNU/Linux)
 
 iD8DBQFDSTE9HEnASN++rQIRAjbzAJ96YX+3OWCK0OrNT4kzuhABAzzbgwCeKFhF
 xxD75bSRTRnQ2NrQyTXTDds=
 =Zb0S
 -----END PGP SIGNATURE-----
 
 --oyUTqETQ0mS9luUI--