Re: mutt/580: mutt stores PGP passphrase insecurely

To: bug-any@xxxxxxxxxxxxx, Mutt Developers <mutt-dev@xxxxxxxx>, 96144@xxxxxxxxxxxxxxx
Subject: Re: mutt/580: mutt stores PGP passphrase insecurely
From: Derek Martin <invalid@xxxxxxxxxxxxxx>
Date: Sun, 9 Oct 2005 11:03:25 -0400
Cc: wk@xxxxxxxxx
In-reply-to: <20051007124251.GN15847@xxxxxxxxxxxxxxxxxxxxxxxxxx>
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?body=unsubscribe>
Mail-followup-to: bug-any@xxxxxxxxxxxxx, Mutt Developers <mutt-dev@xxxxxxxx>, 96144@xxxxxxxxxxxxxxx, wk@xxxxxxxxx
References: <mutt-pr-580@xxxxxxxxxxxxx> <E1ENi4c-000418-8t@xxxxxxxxxxxxxxxxxxxx> <20051007124251.GN15847@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-mutt-dev@xxxxxxxx
User-agent: Mutt/1.5.9i

On Fri, Oct 07, 2005 at 02:42:51PM +0200, Thomas Roessler wrote:
> On 2005-10-07 04:35:02 +0200, Derek Martin wrote:
> 
> >  Er, well, come on...  just because Mutt *can* use an auxiliary
> >  program to handle encryption passphrases securely doesn't mean
> >  mutt itself should completely ignore the issue.  As shipped,
> >  mutt is vulnerable.
> 
> >  Admittedly this is not a severe issue, but it is a legitimate
> >  security concern.  I think this really ought to be re-opened.
> 
> I disagree, unless someone can actually demonstrate (a) a realistic
> attack model against which mutt is vulnerable, and (b) a defense
> against this attack model that could be implemented.
> 
> Hint: Encrypting the pass phrase with a symmetric key that is kept
> in memory is *not* a solution to an attack that is based on reading
> the pass phrase from memory, since the attack is now shifted to the
> equivalently complex reading of the symmetric key from memory.

Well, this is very far from my area of expertise; but we all know
someone for whom this kind of issue is near and dear...  Does Werner
have anything to say about this?  I could do some research, but I
think it would be better to get input from someone with more
experience.  FWIW, how does GPG handle this problem?

I admit, at first glance methods of solving this seem... yucky.  For
example, locking memory (so that it does not swap to disk) requires
root privileges on most platforms... making mutt SUID root seems like
a very bad idea.  But perhaps mutt could have its own passphrase
agent.

In the end, you have a point; methods of attacking the passphrase in
memory require the ability to either assume the user's privileges, or
assume root privileges.  If an attacker can do that, most likely all
bets are off anyway.  For example, if a rogue sysadmin were so
inclined, he could install a trojaned mutt which collects private key
passphrases.

Still, I'd like to hear what others with more experience than I have
to say about this issue.  I think it would be somewhat reassuring for
users who don't control the system(s) on which they use mutt, and
don't have access to gpgagent, if some attempt at solving this was
made.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.

Attachment: pgpym4NTEZ2vI.pgp
Description: PGP signature

Follow-Ups:
- Re: mutt/580: mutt stores PGP passphrase insecurely
  - From: Thomas Roessler

References:
- Re: mutt/580: mutt stores PGP passphrase insecurely
  - From: Derek Martin
- Re: mutt/580: mutt stores PGP passphrase insecurely
  - From: Thomas Roessler

Prev by Date: Re: mutt/580: mutt stores PGP passphrase insecurely
Next by Date: Re: mutt/2095: configure incorrectly builds Makefile for Solaris with ncurses
Previous by thread: Re: mutt/580: mutt stores PGP passphrase insecurely
Next by thread: Re: mutt/580: mutt stores PGP passphrase insecurely
Index(es):
- Date
- Thread