[ mailman-Bugs-815297 ] Breaking signatures in message/rfc822 attachment!

SourceForge.net noreply at sourceforge.net
Tue Apr 10 02:34:19 CEST 2007


Bugs item #815297, was opened at 2003-10-01 03:42
Message generated for change (Comment added) made by chrissamuel
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=815297&group_id=103

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: security/privacy
Group: 2.1 (stable)
Status: Open
Resolution: None
Priority: 8
Private: No
Submitted By: Bernhard Reiter (ber)
Assigned to: Nobody/Anonymous (nobody)
Summary: Breaking signatures in message/rfc822 attachment!

Initial Comment:
Mailman _must_ not touch MIME parts which are nested
more deeply in the mail. As tested with Mailman 2.1.2,
header lines will sometimes be reformatted in
message/rfc822 attachments, which will break the OpenPGP
signature
(also conforming to the PGP/MIME standard) on that part.

I'm attaching a simple email with one long header.
Forward this as a MIME part, sign it and send it
through Mailman;
the signature will be broken.

This is a bug affecting email security, because if people
start believing that a *BAD* signature does not mean much,
because they get many broken by mailman, they will not
react to a seriously manipulated email anymore!


----------------------------------------------------------------------

Comment By: Chris Samuel (chrissamuel)
Date: 2007-04-10 10:34

Message:
Logged In: YES 
user_id=1581966
Originator: NO

It may be that bug number 1605144 is also related, as that too is caused by
the Python email module automatically wrapping headers at 78 characters.

This is certainly breaking my PGP/MIME messages being sent from KMail
through Mailman, and shows up in the MIME headers being wrapped and the
original headers in attached message/rfc822 attachments getting munged.

For example:

@@ -56,7 +103,9 @@
 Content-Type: message/rfc822;
   name="forwarded message"
 Content-Transfer-Encoding: 7bit
-Content-Description: "Rachana Ananthakrishnan" <ranantha at mcs.anl.gov>:
[security-announce] Globus Security Advisory 2007-02: GSI-OpenSSH
vulnerability
+Content-Description: "Rachana Ananthakrishnan" <ranantha at mcs.anl.gov>:
+       [security-announce] Globus Security Advisory 2007-02:
+       GSI-OpenSSH vulnerability
 Content-Disposition: inline
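Review bot: the `-`/`+` pair here shows only a whitespace refold of the Content-Description value (one line becomes three, with indented continuation lines), which a MIME parser that unfolds headers treats as equivalent but which changes the bytes of the header block; if this header sits inside the multipart/signed part, a PGP/MIME signature computed over the original bytes can no longer verify, which is exactly the failure the initial report describes. The hunk header `@@ -56,7 +103,9 @@` confirms the one-to-three line growth.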

and, further on:

 Received: from localhost (localhost [127.0.0.1])
        by mailbouncer.mcs.anl.gov (Postfix) with ESMTP id 73FB112AC5
-       for <glbs-security-announce at mailbouncer.mcs.anl.gov>; Mon,  9 Apr
2007 10:23:46 -0500 (CDT)
+       for <glbs-security-announce at mailbouncer.mcs.anl.gov>;
+       Mon,  9 Apr 2007 10:23:46 -0500 (CDT)
 Received: from mcs.anl.gov (cliff.mcs.anl.gov [140.221.9.17])
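Review bot: this second region is shown without its `@@` header, so the offsets cannot be checked against the first hunk, but the change is the same refold, now applied to a Received: trace header of the forwarded message and split at the `;` before the date; trace headers are part of the embedded message's bytes, so one such refold inside the signed part is enough to invalidate the signature even though no header content changed.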

As I wrote in my comment on bug 1605144, it appears that by passing
maxheaderlen=0 through to all calls of Generator in the email module you
shouldn't get this wrapping behaviour, though I don't know when this
appeared in Python.

----------------------------------------------------------------------

Comment By: Bernhard Reiter (ber)
Date: 2005-11-27 01:58

Message:
Logged In: YES 
user_id=113859

This is still a serious bug.
I guess that the real fix will be to rewrite the email 
and mime handling classes to at least additionally save
an original version of the different email parts
without stripping and further formatting.

----------------------------------------------------------------------

Comment By: Bernhard Reiter (ber)
Date: 2004-05-11 04:15

Message:
Logged In: YES 
user_id=113859

There is another possibility when
mailman breaks the signature, and that is
when the signed part contains
an empty header with _two_ spaces after
the colon, e.g. forward and sign an email with

X-Empty-Header-with-two-spaces:<space><space>

Patch 933757 does not remedy this, though.


----------------------------------------------------------------------

Comment By: Bernhard Reiter (ber)
Date: 2004-04-13 03:17

Message:
Logged In: YES 
user_id=113859

I have created a patch to address the problem.

[ 933757 ] fix for [815297] signatures break
https://sourceforge.net/tracker/index.php?func=detail&aid=933757&group_id=103&atid=300103


----------------------------------------------------------------------

Comment By: Marc Mutz (mmutz)
Date: 2003-10-04 01:54

Message:
Logged In: YES 
user_id=82377

This is not limited to message/rfc822 at all:

As a specific example, create a message with an attachment
and add the header
Content-Disposition: attachment; filename="more-than-70-chars.txt"
(all in a single line), then send it through a mailman-managed ml.
Result: mailman "fixes" the message to look like
Content-Disposition: attachment;
\tfilename="more-than-70-chars.txt"

It even does that inside a multipart/signed part, and this is
where it breaks the signature verification.

----------------------------------------------------------------------
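The three symptoms reported in this thread (Chris Samuel's headers refolded at 78 columns together with his maxheaderlen=0 suggestion, Marc Mutz's long Content-Disposition line, and Bernhard Reiter's empty header with two trailing spaces) can be reproduced with the current Python 3 email package. What follows is an added example, not code from Mailman or from anyone in this thread; the messages are constructed samples, and the use of maxheaderlen=0 on BytesGenerator relies on the Python 3 behaviour that the generator clones its policy into nested message/rfc822 parts (whether the Python 2 module of 2003-2007 behaved identically is not verified here).

```python
"""Added example (not Mailman's or the thread's code): regenerate a message
the way a list server does and compare the header bytes of the nested
message/rfc822 part before and after.  All messages are constructed samples."""
import email
from email.generator import BytesGenerator
from io import BytesIO


def build_message(inner_headers: bytes) -> bytes:
    """Constructed outer message carrying one message/rfc822 part whose
    inner message uses the given raw header block (CRLF-terminated lines)."""
    return (
        b"From: sender@example.invalid\r\n"
        b"To: list@example.invalid\r\n"
        b"Subject: forwarded\r\n"
        b"MIME-Version: 1.0\r\n"
        b'Content-Type: multipart/mixed; boundary="outer"\r\n'
        b"\r\n"
        b"--outer\r\n"
        b"Content-Type: message/rfc822\r\n"
        b"Content-Disposition: inline\r\n"
        b"\r\n"
        + inner_headers +
        b"\r\n"
        b"body of the forwarded message\r\n"
        b"--outer--\r\n"
    )


INNER_FROM = b"From: original@example.invalid\r\n"
# Long single-line Subject: 99 columns including the field name (constructed).
LONG_SUBJECT = b"Subject: [security-announce] Advisory: " + b"x" * 60 + b"\r\n"
# Long Content-Disposition on one line, as in the 2003-10-04 comment (constructed).
LONG_DISPOSITION = (b'Content-Disposition: attachment; filename="'
                    + b"a" * 60 + b'.txt"\r\n')
# Empty header value followed by two spaces, as in the 2004-05-11 comment.
TWO_SPACES = b"X-Empty-Header-with-two-spaces:  \r\n"

SAMPLES = {
    "long-subject": build_message(INNER_FROM + LONG_SUBJECT),
    "long-disposition": build_message(INNER_FROM + LONG_DISPOSITION),
    "two-spaces": build_message(INNER_FROM + TWO_SPACES),
}


def flatten(raw: bytes, maxheaderlen=None) -> bytes:
    """Parse and regenerate a message.  maxheaderlen=None keeps the policy
    default of 78 columns; 0 disables folding and, because Generator clones
    its policy into nested parts, applies to the message/rfc822 part too."""
    msg = email.message_from_bytes(raw)  # compat32 policy by default
    out = BytesIO()
    BytesGenerator(out, mangle_from_=False,
                   maxheaderlen=maxheaderlen).flatten(msg, linesep="\r\n")
    return out.getvalue()


def inner_header_block(data: bytes) -> bytes:
    """Extract the nested message's header block (including its final CRLF)
    from either a raw or a regenerated message."""
    start = data.index(INNER_FROM)
    end = data.index(b"\r\n\r\n", start)
    return data[start:end] + b"\r\n"


def inner_headers_preserved(raw: bytes, maxheaderlen=None) -> bool:
    """True if regeneration leaves the nested header bytes untouched, which
    is what a signature covering that part requires."""
    return inner_header_block(flatten(raw, maxheaderlen)) == inner_header_block(raw)


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        for limit in (None, 0):
            print(f"{name:16s} maxheaderlen={limit!s:4s} "
                  f"preserved={inner_headers_preserved(raw, limit)}")
            print(inner_header_block(flatten(raw, limit)).decode())
```

Running it prints each inner header block after regeneration: with the default limit the long Subject is refolded at the last whitespace and the Content-Disposition after the `;`, with a single space as continuation whitespace in this Python version; with maxheaderlen=0 both lines come back byte-identical. The two-space header loses one space in both runs, because the parser strips leading whitespace from the value before the generator ever sees it, so it is the separate case the 2004-05-11 comment raises. For a list server that wants detached signatures to stay valid, the robust fix is to pass signed parts through untouched rather than regenerate them; disabling folding only removes the most common cause.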

Comment By: Bernhard Reiter (ber)
Date: 2003-10-01 03:46

Message:
Logged In: YES 
user_id=113859

Here is the email signed by myself and broken
after delivery through mailman. Check the "To:" header line.

----------------------------------------------------------------------
