[ mailman-Bugs-815297 ] Breaking signatures in message/rfc822 attachment!
Bugs item #815297, was opened at 2003-09-30 19:42
Message generated for change (Comment added) made by ber
You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=815297&group_id=103

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: security/privacy
Group: 2.1 (stable)
Status: Open
Resolution: None
Priority: 8
Submitted By: Bernhard Reiter (ber)
Assigned to: Nobody/Anonymous (nobody)
Summary: Breaking signatures in message/rfc822 attachment!

Initial Comment:
Mailman _must_ not touch MIME parts which are nested more deeply in the mail. As tested with Mailman 2.1.2, header lines will sometimes be reformatted in message/rfc822 attachments, which will break the OpenPGP signature (also conforming to the PGP/MIME standard) on that part.

I'm attaching a simple email with one long header. Forward this as a MIME part, sign it and send it through Mailman; the signature will be broken.

This is an email-security-affecting bug, because if people start believing that a *BAD* signature does not mean much, because they get many broken by Mailman, they will not react to a seriously manipulated email anymore!

----------------------------------------------------------------------
Comment By: Bernhard Reiter (ber)
Date: 2005-11-26 15:58

Message:
Logged In: YES
user_id=113859

This is still a serious bug. I guess that the real fix will be to rewrite the email and MIME handling classes to at least additionally save an original version of the different email parts without stripping and further formatting.

----------------------------------------------------------------------

Comment By: Bernhard Reiter (ber)
Date: 2004-05-10 20:15

Message:
Logged In: YES
user_id=113859

There is another possibility when Mailman breaks the signature, and that is when the signed part contains an empty header with _two_ spaces after the colon, like forwarding and signing an email with

X-Empty-Header-with-two-spaces:<space><space>

Patch 933757 does not remedy this, though.

----------------------------------------------------------------------

Comment By: Bernhard Reiter (ber)
Date: 2004-04-12 19:17

Message:
Logged In: YES
user_id=113859

I have created a patch to address the problem.
[ 933757 ] fix for [815297] signatures break
https://sourceforge.net/tracker/index.php?func=detail&aid=933757&group_id=103&atid=300103

----------------------------------------------------------------------

Comment By: Marc Mutz (mmutz)
Date: 2003-10-03 17:54

Message:
Logged In: YES
user_id=82377

This is not limited to message/rfc822 at all. As a specific example, create a message with an attachment and add the header

Content-Disposition: attachment; filename="more-than-70-chars. txt"

(all in a single line), then send it through a Mailman-managed ML. Result: Mailman "fixes" the message to look like

Content-Disposition: attachment;
\tfilename="more-than-70-chars.txt"

It even does that inside a multipart/signed part, and this is where it breaks the signature verification.

----------------------------------------------------------------------

Comment By: Bernhard Reiter (ber)
Date: 2003-09-30 19:46

Message:
Logged In: YES
user_id=113859

Here is the email signed by myself and broken after delivery through Mailman. Check the "To:" header line.
----------------------------------------------------------------------
You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=815297&group_id=103
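The following is an added example, not code from this thread or from Mailman, that reproduces the mechanism the thread describes and the byte-preserving handling the reporter asks for. A relay that parses a message and re-serialises it from the parsed tree re-folds every header in every nested part, so a signature computed over the original bytes of a forwarded message no longer verifies. Everything here is constructed: the messages, the boundary string, the header names, the key; an HMAC stands in for the OpenPGP signature over the signed bytes, and Python's standard `email` package stands in for the re-serialising relay. The two header cases from the thread are both present in the forwarded message: a To: header longer than 78 octets on one line, and a header whose value is exactly two spaces.

```python
"""Added example (not from the thread or from Mailman): re-serialising a message
from its parsed tree re-folds headers in nested parts and breaks signatures over
those parts; copying the body bytes through verbatim does not.  All messages,
keys and header names are constructed; an HMAC stands in for the OpenPGP
signature."""
import email
import email.policy
import hashlib
import hmac

BOUNDARY = b"outer-boundary-0001"        # constructed boundary string
KEY = b"constructed-demo-signing-key"    # stand-in for the signer's private key

# Constructed forwarded (signed) message: a To: header longer than 78 octets on a
# single line, and a header whose value is exactly two spaces.
INNER_MESSAGE = b"".join([
    b"From: alice@example.invalid\r\n",
    b"To: " + b", ".join(b"user%02d@example.invalid" % i for i in range(6)) + b"\r\n",
    b"X-Empty-Header-with-two-spaces:  \r\n",
    b"Subject: constructed sample\r\n",
    b"\r\n",
    b"Body of the forwarded message.",   # no trailing CRLF: it belongs to the boundary (RFC 2046)
])

# Constructed outer message as it reaches the list: a text part plus the forwarded
# message as a message/rfc822 part.
OUTER_MESSAGE = b"".join([
    b"From: bob@example.invalid\r\n",
    b"To: list@example.invalid\r\n",
    b"Subject: Fwd: constructed sample\r\n",
    b"MIME-Version: 1.0\r\n",
    b'Content-Type: multipart/mixed; boundary="' + BOUNDARY + b'"\r\n',
    b"\r\n",
    b"--" + BOUNDARY + b"\r\n",
    b"Content-Type: text/plain\r\n\r\nSee attached.",
    b"\r\n--" + BOUNDARY + b"\r\n",
    b"Content-Type: message/rfc822\r\n\r\n" + INNER_MESSAGE,
    b"\r\n--" + BOUNDARY + b"--\r\n",
])

# compat32 is Python's legacy header-handling policy; CRLF keeps the relay's output
# comparable byte-for-byte with the CRLF input.
RELAY_POLICY = email.policy.compat32.clone(linesep="\r\n")


def sign_part(part: bytes, key: bytes = KEY) -> str:
    """HMAC-SHA256 over the exact bytes of the part (stand-in for a PGP/MIME signature)."""
    return hmac.new(key, part, hashlib.sha256).hexdigest()


def verify_part(part: bytes, signature: str, key: bytes = KEY) -> bool:
    """True only if the received bytes are exactly the bytes that were signed."""
    return hmac.compare_digest(sign_part(part, key), signature)


def extract_part_bodies(raw: bytes, boundary: bytes) -> list:
    """Return the body bytes of each part of a multipart message, untouched.

    Splits on the boundary delimiter; the CRLF before each delimiter belongs to the
    delimiter (RFC 2046 section 5.1.1), so part bodies carry no trailing CRLF."""
    bodies = []
    for chunk in raw.split(b"\r\n--" + boundary)[1:]:
        if chunk.startswith(b"--"):
            break                                   # closing delimiter; rest is epilogue
        _, _, rest = chunk.partition(b"\r\n")       # drop the remainder of the boundary line
        _, _, body = rest.partition(b"\r\n\r\n")    # skip the part's own header block
        bodies.append(body)
    return bodies


def longest_line(data: bytes) -> int:
    """Length of the longest CRLF-terminated line, to show where folding happened."""
    return max(len(line) for line in data.split(b"\r\n"))


def relay_by_reserialising(raw: bytes) -> bytes:
    """What a relay does when it rebuilds the message from its parsed tree: every
    header in every nested part goes back through the header folder."""
    return email.message_from_bytes(raw, policy=RELAY_POLICY).as_bytes(policy=RELAY_POLICY)


def relay_preserving_body(raw: bytes) -> bytes:
    """Relay that touches only the top-level header block and copies the body bytes
    through verbatim, so nothing inside any nested part can change."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator in message")
    trace = b"\r\nX-Constructed-Relay: body passed through untouched"   # constructed header
    return head + trace + sep + body


def main() -> None:
    signature = sign_part(INNER_MESSAGE)
    for name, relay in (("re-serialising", relay_by_reserialising),
                        ("body-preserving", relay_preserving_body)):
        received = extract_part_bodies(relay(OUTER_MESSAGE), BOUNDARY)[1]
        print(f"{name:16s} longest line {longest_line(received):3d}  "
              f"signature {'OK' if verify_part(received, signature) else 'BAD'}")


if __name__ == "__main__":
    main()
```

Running the file prints one line per relay: the re-serialising relay folds the 146-octet To: line to at most 78 octets and collapses the two-space header value, so the signature over the forwarded message fails, while the body-preserving relay delivers the part byte-for-byte and the signature verifies. Current Python versions' generator disables re-folding inside multipart/signed, but that special case does not cover a signed message forwarded as a message/rfc822 attachment, which is the case in the report; the robust property for a relay is the one the body-preserving function has, namely that nothing below the top-level header block is regenerated.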