Re: [Mutt] #2839: GnuPG and GnuPG clients unsigned data injection
#2839: GnuPG and GnuPG clients unsigned data injection vulnerability
-------------------------------------------+--------------------------------
Reporter: Christoph Berg <cb@xxxxxxxx> | Owner: mutt-dev
Type: defect | Status: new
Priority: minor | Milestone: 1.6
Component: crypto | Version:
Resolution: | Keywords:
-------------------------------------------+--------------------------------
Comment(by pdmef):
If I'm reading the links the right, we need to parse the status output of
gnupg (once we know that we're actually using gnupg, not sure what the
best/easiest/most reliable way to find out is) and buffer each new plain
text part in a new tempfile since the status output tells us only
afterwards whether the text was signed. After that we can compose a final
tempfile to be displayed to the user with proper visual blocks indicating
what is covered by gpg and what is not.
Since now the traditional pgp interface relies on commands and is more a
pipe filter mechanism, this sounds quite difficult to implement cleanly
since I think we'd need to apply the status parser on all gpg output we
get.
Some more questions:
* as the commands are highly configurable, so what if a user doesn't have
--status-fd in his settings? Should we enforce it?
* how do we determine we're actually using gpg? Apply a heuristic on the
given pgp_*_command/pgp_good_sig setting? Apply a heuristic on the status
output we're getting?
--
Ticket URL: <http://dev.mutt.org/trac/ticket/2839#comment:3>
Mutt <http://www.mutt.org/>
The Mutt mail user agent