notmuch currently treats all messages with the same Message-ID as the same message. I think this could be a vulnerability :(
If two messages have the same Message-ID, is there a guarantee of which of these messages will be produced during a notmuch show? Either way, it seems to create a potential DoS attack on notmuch users. ------- The attack: Let's say there is a public mailing list that Mallory knows [email protected] is subscribed to. [email protected] sends a message to the public mailing list detailing some problem that Bob probably needs to deal with. Mallory can just craft a content-free e-mail (or a dozen?) with the same Message-ID as Alice's message, and send it to [email protected]. If Bob uses notmuch, he is much more likely to read one of Mallory's bogus e-mails than to read Alice's original message. Mallory's e-mail could also be crafted to look like spam, in the hopes that Bob's spamfiltering scripts would mark the original message's Message-ID as spam. -------- I don't know how to fix this, and i'd be happy to hear if someone thinks my analysis above is flawed and this isn't really a problem. Any ideas on how to approach this? --dkg
pgp6mSrl7Bu7a.pgp
Description: PGP signature
_______________________________________________ notmuch mailing list [email protected] http://notmuchmail.org/mailman/listinfo/notmuch
