On Fri, Apr 26, 2013 at 01:48:36AM +0200, Vincent Lefevre wrote: > On 2013-04-25 10:13:30 -0500, Derek Martin wrote: > > In "normal" e-mail operations, this may be dependent on the behavior > > of the mail client, i.e. if it sends separate messages for each > > recipient. In an attack, this is not interesting. The attacker is at > > your site (he must be, in order to effect a temp file attack). So, he > > can either send the message to the target and himself from your > > machine, or he can just telnet to your SMTP server and write the > > message by hand. > The server normally adds a "Received:" header with some information > unknown to the attacker.
I'm sorry Vincent but you're wrong. The header gets added, it's the same in both the target and attacker's copies. All that's required to guarantee this is to name both recipients in the same SMTP transaction on the target's SMTP server. The copy delivered to both the target and the attacker will be 100% identical. I already showed you it was. > Anyway, I've seen that you haven't proposed anything else. > Is your point to make Mutt uninstallable on machines without > a /dev/random? I have in fact. Two and a half years ago even. Use mkstemp() and use the link() method to create the full name. The whole point of this subthread is that choosing not to rely on the system-provided library routines is folly. You can't provide anything better portably--your system libraries will already use the best source of randomness available to them. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.
pgpnOZ8uwyghE.pgp
Description: PGP signature
