Hi All,

I just came across the bug
https://bugzilla.redhat.com/show_bug.cgi?id=733504 , CVE-2011-3201
evolution: mailto: attachment parameter can lead to accidental data
exfiltration.

Going ahead with the blacklist approach in
https://bugzilla.redhat.com/show_bug.cgi?id=733504#c8, I am attaching a
basic patch.

Kindly provide your opinion about the solution and files to be
blacklisted.

I have following list of files to be blacklisted:

"/etc/passwd", "/etc/cipe/options", "/etc/exports", "/etc/gshadow",
"/etc/hosts.allow", "/etc/hosts.deny", "/etc/hosts.equiv",
"/etc/ipsec.secrets", "/etc/lilo.conf", "/etc/ppp/chap-secrets",
"/etc/ppp/pap-secrets", "/etc/samba/smbpasswd", "/etc/securetty",
"/etc/security/access.conf", "/etc/shadow", "/etc/slip/slip.passwd",
"/etc/smbpasswd", "/etc/snmp/snmpd.conf", "/etc/ssh/shosts.equiv",
"/etc/ssh", "/etc/sudoers", "/etc/tripwire", "/etc/vpnd/mysecret.key",
"/etc/vpnd/vpnd.lcl.key", "/etc/vpnd/", "/etc/vtund.conf",
".ICEauthority", ".Xauthority", ".aim/AIM.cfg", ".cvspass",
".fetchmailrc", ".gaimrc", ".gpg/", ".gnome_private/", ".gnupg/",
".micqrc", ".ncftp/firewall", ".nessus.keys", ".netrc",
".pgp/secring.pgp", ".pgp/", ".rhosts", ".shosts",
".silc/private_key.prv", ".ssh", ".vmware", ".vnc/passwd", ".xchat/",
"/root/.ICEauthority", "/root/.Xauthority", "/root/.aim/AIM.cfg",
"/root/.cvspass", "/root/.fetchmailrc", "/root/.gaimrc", "/root/.gpg/",
"/root/.gnome_private/", "/root/.gnupg/","/root/.micqrc",
"/root/.ncftp/firewall", "/root/.nessus.keys", "/root/.netrc",
"/root/.pgp/", "/root/.rhosts", "/root/.shosts",
"/root/.silc/private_key.prv", "/root/.ssh", "/root/.vmware/",
"/root/.vnc/passwd", "/root/.xchat/serverlist.conf",
"/root/.xchat/servers.conf", "/var/log/secure*", ".", ".."

diff --git a/composer/e-msg-composer.c b/composer/e-msg-composer.c
index 22245ea..2939b6a 100644
--- a/composer/e-msg-composer.c
+++ b/composer/e-msg-composer.c
@@ -3998,6 +3998,34 @@ merge_always_cc_and_bcc (EComposerHeaderTable *table,
        merge_cc_bcc (addrv, bcc, to, *cc, *bcc);
        e_destination_freev (addrv);
 }
+static const gchar *blacklisted_files [] = {"/etc/passwd", 
"/etc/cipe/options", "/etc/exports", "/etc/gshadow", "/etc/hosts.allow", 
"/etc/hosts.deny", 
+                                               "/etc/hosts.equiv", 
"/etc/ipsec.secrets", "/etc/lilo.conf", "/etc/ppp/chap-secrets", 
+                                               "/etc/ppp/pap-secrets", 
"/etc/samba/smbpasswd", "/etc/securetty", "/etc/security/access.conf",
+                                               "/etc/shadow", 
"/etc/slip/slip.passwd", "/etc/smbpasswd", "/etc/snmp/snmpd.conf", 
"/etc/ssh/shosts.equiv",
+                                               "/etc/ssh", "/etc/sudoers", 
"/etc/tripwire", "/etc/vpnd/mysecret.key", "/etc/vpnd/vpnd.lcl.key", 
"/etc/vpnd/",
+                                               "/etc/vtund.conf", 
".ICEauthority", ".Xauthority", ".aim/AIM.cfg", ".cvspass", ".fetchmailrc", 
".gaimrc",
+                                               ".gpg/", ".gnome_private/", 
".gnupg/", ".micqrc", ".ncftp/firewall", ".nessus.keys", ".netrc", 
+                                               ".pgp/secring.pgp", ".pgp/", 
".rhosts", ".shosts", ".silc/private_key.prv", ".ssh",
+                                               ".vmware", ".vnc/passwd", 
".xchat/", "/root/.ICEauthority", "/root/.Xauthority", "/root/.aim/AIM.cfg",
+                                               "/root/.cvspass", 
"/root/.fetchmailrc", "/root/.gaimrc", "/root/.gpg/", "/root/.gnome_private/", 
"/root/.gnupg/",
+                                               "/root/.micqrc", 
"/root/.ncftp/firewall", "/root/.nessus.keys", "/root/.netrc", "/root/.pgp/", 
"/root/.rhosts",
+                                               "/root/.shosts", 
"/root/.silc/private_key.prv", "/root/.ssh", "/root/.vmware/", 
"/root/.vnc/passwd",
+                                               "/root/.xchat/serverlist.conf", 
"/root/.xchat/servers.conf", "/var/log/secure*", ".", ".."};
+
+gboolean check_blacklisted_file (gchar *filename)
+{
+       gboolean blacklisted = FALSE;
+       gint i,len;
+
+       for(i = 0; !blacklisted && i < G_N_ELEMENTS(blacklisted_files); i++)
+       {
+               len = strlen(blacklisted_files[i]);
+               if(g_strstr_len(filename, len, blacklisted_files[i]))
+                       blacklisted = TRUE;
+       }
+       
+       return blacklisted;
+}
 
 static void
 handle_mailto (EMsgComposer *composer,
@@ -4090,8 +4118,17 @@ handle_mailto (EMsgComposer *composer,
                        } else if (!g_ascii_strcasecmp (header, "attach") ||
                                   !g_ascii_strcasecmp (header, "attachment")) {
                                EAttachment *attachment;
+                               gboolean check = FALSE;
+                               GError *error = NULL;
 
                                camel_url_decode (content);
+                               check = check_blacklisted_file(content);
+                               if(check)
+                               {
+                                       g_warning("Blacklisted File");
+                                       g_set_error(&error, CAMEL_ERROR, 
CAMEL_ERROR_GENERIC,
+                                                       _("The attachment named 
%s is a hidden file and may contain sensitive data."), content);
+                               }
                                if (g_ascii_strncasecmp (content, "file:", 5) 
== 0)
                                        attachment = e_attachment_new_for_uri 
(content);
                                else
_______________________________________________
evolution-hackers mailing list
evolution-hackers@gnome.org
To change your list options or unsubscribe, visit ...
http://mail.gnome.org/mailman/listinfo/evolution-hackers

Reply via email to