Re: [PATCH] Remove absolute paths from gpg.rc
On Sat, Mar 17, 2007 at 09:54:25AM -0400, Derek Martin wrote:
> On Sat, Mar 17, 2007 at 11:08:12AM +0000, Ian Collier wrote:
> > In that case, you get them to download an authorized_keys file for ssh...
> Well sure, there's only so much Mutt can do on its own -- and
> remember, we're talking about mitigating a (hypothetical) bug in
> Mutt.. it's already not a perfect situation. But the attack you
> mention can be foiled in a number of ways.

It's not that I disagree with anything you said, but the proposition was
"If you can modify someone's personal files, the game's already over"
and I demonstrated a case where that's (sometimes) true. As you say,
there are ways to foil this particular attack, but most users will not
have done so.

It doesn't even have to be a bug in mutt which allowed the modification.
The original case was plonking an executable in the user's path so that
mutt will execute it if it doesn't trust the user's path. Another
involved appending malicious commands to your .muttrc. Whether this
is done by exploiting a mutt bug or not, this does demonstrate that
if someone can modify your files you've already lost the game. (By
implication this then says there's no point in adding a security feature
to mutt which protects you if someone has dumped a random binary in your
path, since you have no security at that point. But I disagree with the
search-the-path patch for other reasons.)