[Python-bugs-list] [ python-Bugs-580495 ] mimetools module privacy leak

noreply@sourceforge.net noreply@sourceforge.net
Fri, 12 Jul 2002 02:35:38 -0700


Bugs item #580495, was opened at 2002-07-12 09:35
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=580495&group_id=5470

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: paul rubin (phr)
Assigned to: Nobody/Anonymous (nobody)
Summary: mimetools module privacy leak

Initial Comment:
The mimetools "choose_boundary" function according to
its doc
returns a string of the form
'hostipaddr.uid.pid.timestamp.random'.
If this separator is actually used in a message, it
reveals the host ID
and UID of the sender.  This is a privacy breach
similar to the discovery
that Microsoft Word files contained user GUID's
revealing the user's
PC's ethernet card's MAC address (since fixed, after
the story was
published on the front page of the New York Times about
2 years ago).
Some info is at

  http://www.junkbusters.com/microsoft.html#advisory


The fix for choose_boundary is to make the boundary
string completely
random and not have it reveal personal information
about the user.


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=580495&group_id=5470