Re: [PATCH] emacs: Quote MML tags in replies

2012-01-21 Thread Pieter Praet
On Thu, 19 Jan 2012 22:26:02 -0500, Aaron Ecay aarone...@gmail.com wrote:
 On Fri, 20 Jan 2012 00:21:08 +0100, Pieter Praet pie...@praet.org wrote:
  So, would I be right to assume MML tags in signatures are never
  evaluated to begin with?  Otherwise, there would still be a security
  hole, no?
 
 I am thinking of MML tags that a user puts in their own signature.
 If that case is a security hole, then the hole is in the user’s brain
 and not in notmuch.  :)
 

Ah, right...  I didn't bother checking what the mark's position would be,
so assumed we were talking about the signature in the *quoted* message.

Won't happen again :)

 -- 
 Aaron Ecay


Peace

-- 
Pieter
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch


Re: [PATCH] emacs: Quote MML tags in replies

2012-01-20 Thread David Edmondson
On Thu, 19 Jan 2012 13:43:09 -0500, Aaron Ecay aarone...@gmail.com wrote:
 -  (message-goto-body))
 +  (message-goto-body)
 +  (mml-quote-region (point) (mark)))

Obviously good. It would be nice to have a comment about why it's `mark'
and not `point-max'. In fact, it would be good to have a comment
explaining why `mml-quote-region' is required.




Re: [PATCH] emacs: Quote MML tags in replies

2012-01-20 Thread David Bremner
On Thu, 19 Jan 2012 13:43:09 -0500, Aaron Ecay aarone...@gmail.com wrote:
 Emacs message-mode uses certain text strings to indicate how to attach
 files to outgoing mail.  If these are present in the text of an email,
 and a user is tricked into replying to the message, the user’s files
 could be exposed.
 ---

Can you include a NEWS patch against release with next version? We
should probably roll 0.11.1 with this fix.

d


Re: [PATCH] emacs: Quote MML tags in replies

2012-01-19 Thread Pieter Praet
On Thu, 19 Jan 2012 13:43:09 -0500, Aaron Ecay aarone...@gmail.com wrote:
 Emacs message-mode uses certain text strings to indicate how to attach
 files to outgoing mail.  If these are present in the text of an email,
 and a user is tricked into replying to the message, the user’s files
 could be exposed.
 ---
 
 To demonstrate this, open a reply to this message then remove the
 exclamation marks after the hash marks below.  Create a file in your
 home directory called passwd.  Then press C-u M-x mml-preview.  A
 (possibly base64-encoded) version of your ~/passwd file will replace
 the following lines:
 
 #!part type=application/octet-stream filename=~/passwd
 disposition=attachment description=foo
 #!/part
 
 It works equally well (and more dangerously) with /etc/passwd, but I
 didn't use that filename here to avoid the danger of someone
 accidentally attaching their /etc/passwd to a reply in this thread!
 
  emacs/notmuch-mua.el |3 ++-
  1 files changed, 2 insertions(+), 1 deletions(-)
 
 diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
 index d8ab822..c25c6b9 100644
 --- a/emacs/notmuch-mua.el
 +++ b/emacs/notmuch-mua.el
 @@ -115,7 +115,8 @@ list.
  (push-mark))
(set-buffer-modified-p nil)
  
 -  (message-goto-body))
 +  (message-goto-body)
 +  (mml-quote-region (point) (mark)))
  
  (defun notmuch-mua-forward-message ()
(message-forward)
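
Review bot: the added `(mml-quote-region (point) (mark))` line depends on the mark left by the `(push-mark)` in the context just above it, and nothing at the call site says so. A short comment there should state what the region from point to mark covers and that it is quoted so MML tags arriving in the original message are kept as literal text instead of being acted on when the reply is sent. The diffstat lists only emacs/notmuch-mua.el, so the change also comes without a regression test for the quoting.
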
 -- 
 1.7.8.3
 

Wow, nice catch!  You've just earned yourself a raise!

An urgent +1 !


### OT:
For some reason, `mml-quote-region' explicitly re-quotes
already quoted MML tags:

  #!*/?\\(multipart\\|part\\|external\\|mml\\)

Why is that ?


Peace

-- 
Pieter


Re: [PATCH] emacs: Quote MML tags in replies

2012-01-19 Thread Austin Clements
Quoth Pieter Praet on Jan 19 at 11:23 pm:
 On Thu, 19 Jan 2012 13:43:09 -0500, Aaron Ecay aarone...@gmail.com wrote:
  Emacs message-mode uses certain text strings to indicate how to attach
  files to outgoing mail.  If these are present in the text of an email,
  and a user is tricked into replying to the message, the user’s files
  could be exposed.
  ---
  
  To demonstrate this, open a reply to this message then remove the
  exclamation marks after the hash marks below.  Create a file in your
  home directory called passwd.  Then press C-u M-x mml-preview.  A
  (possibly base64-encoded) version of your ~/passwd file will replace
  the following lines:
  
  #!part type=application/octet-stream filename=~/passwd
  disposition=attachment description=foo
  #!/part
  
  It works equally well (and more dangerously) with /etc/passwd, but I
  didn't use that filename here to avoid the danger of someone
  accidentally attaching their /etc/passwd to a reply in this thread!
  
   emacs/notmuch-mua.el |3 ++-
   1 files changed, 2 insertions(+), 1 deletions(-)
  
  diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
  index d8ab822..c25c6b9 100644
  --- a/emacs/notmuch-mua.el
  +++ b/emacs/notmuch-mua.el
  @@ -115,7 +115,8 @@ list.
   (push-mark))
 (set-buffer-modified-p nil)
   
  -  (message-goto-body))
  +  (message-goto-body)
  +  (mml-quote-region (point) (mark)))
   
   (defun notmuch-mua-forward-message ()
 (message-forward)
 
 Wow, nice catch!  You've just earned yourself a raise!

Indeed.

 An urgent +1 !
 
 
 ### OT:
 For some reason, `mml-quote-region' explicitly re-quotes
 already quoted MML tags:
 
   #!*/?\\(multipart\\|part\\|external\\|mml\\)
 
 Why is that ?

Probably so the transformation is invertible, though as far as I can
tell there's no mml-unquote-region.


Re: [PATCH] emacs: Quote MML tags in replies

2012-01-19 Thread Austin Clements
LGTM and I think it could go in despite my two comments below.

Quoth Aaron Ecay on Jan 19 at  1:43 pm:
 Emacs message-mode uses certain text strings to indicate how to attach
 files to outgoing mail.  If these are present in the text of an email,
 and a user is tricked into replying to the message, the user’s files
 could be exposed.
 ---
 
 To demonstrate this, open a reply to this message then remove the
 exclamation marks after the hash marks below.  Create a file in your
 home directory called passwd.  Then press C-u M-x mml-preview.  A
 (possibly base64-encoded) version of your ~/passwd file will replace
 the following lines:
 
 #!part type=application/octet-stream filename=~/passwd
 disposition=attachment description=foo
 #!/part
 
 It works equally well (and more dangerously) with /etc/passwd, but I
 didn't use that filename here to avoid the danger of someone
 accidentally attaching their /etc/passwd to a reply in this thread!
 
  emacs/notmuch-mua.el |3 ++-
  1 files changed, 2 insertions(+), 1 deletions(-)
 
 diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
 index d8ab822..c25c6b9 100644
 --- a/emacs/notmuch-mua.el
 +++ b/emacs/notmuch-mua.el
 @@ -115,7 +115,8 @@ list.
  (push-mark))
(set-buffer-modified-p nil)
  
 -  (message-goto-body))
 +  (message-goto-body)
 +  (mml-quote-region (point) (mark)))

Did you consider using point-max instead of mark?  IIRC, that mark was
very recently introduced which, perhaps irrationally, makes it seem
less future-proof to me.

  
  (defun notmuch-mua-forward-message ()
(message-forward)

Speaking of future-proofing, it would be good to have a test.


Re: [PATCH] emacs: Quote MML tags in replies

2012-01-19 Thread Aaron Ecay
On Thu, 19 Jan 2012 17:46:31 -0500, Austin Clements amdra...@mit.edu wrote:
  ### OT:
  For some reason, `mml-quote-region' explicitly re-quotes
  already quoted MML tags:
  
#!*/?\\(multipart\\|part\\|external\\|mml\\)
  
  Why is that ?
 
 Probably so the transformation is invertible, though as far as I can
 tell there's no mml-unquote-region.

Sending the message (or doing M-x mml-preview) undoes the quoting.  So
if the original message contains an already-quoted tag, constructing the
reply double-quotes it, and sending the reply will produce the original
single-quoted tag again.

-- 
Aaron Ecay


Re: [PATCH] emacs: Quote MML tags in replies

2012-01-19 Thread Aaron Ecay
On Thu, 19 Jan 2012 17:48:42 -0500, Austin Clements amdra...@mit.edu wrote:
 Did you consider using point-max instead of mark?  IIRC, that mark was
 very recently introduced which, perhaps irrationally, makes it seem
 less future-proof to me.

Well, if the patch goes in and someone changes the code so that it no
longer sets the mark (in the same way), they will be the one breaking
stuff, and they’ll have to come up with the fix themself.  Using point-max
would include the signature in the quoting as well.  It would probably be
fairly odd to want to put an MML tag in one’s signature, but that doesn’t
mean that we should break that usage.

 
   
   (defun notmuch-mua-forward-message ()
 (message-forward)
 
 Speaking of future-proofing, it would be good to have a test.

It would.  ;)  I’ll work on one.

-- 
Aaron Ecay
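
An added example, not part of the original thread or of notmuch's test suite: an ERT file that runs Emacs's `mml-quote-region` over constructed reply text and checks the three behaviours discussed in these messages (cited tags are neutralized, an already-quoted tag gains one more `!`, and a tag in the user's own signature stays live when the region stops at the mark). MML tags are written `<#part ...>` in Emacs, so the sample strings carry the angle brackets that this archive's rendering does not show; `example-build-reply`, the sample strings and `~/me.vcf` are assumptions made for the illustration.

```elisp
;;; mml-reply-quoting-example.el -*- lexical-binding: t -*-
;; Added illustration; not part of notmuch or its test suite.
(require 'ert)
(require 'mml)

(defconst example-live-tag-re "<#/?\\(multipart\\|part\\|external\\|mml\\)"
  "Matches a live MML tag.  A quoted tag has `!' right after `<#'.")

(defun example-build-reply (cited signature)
  "Return a reply body made of CITED text followed by SIGNATURE.
Hypothetical stand-in for the patched reply code: only the cited
region (point to mark in the patch) goes through `mml-quote-region'."
  (with-temp-buffer
    (insert cited)
    (let ((cited-end (point)))
      (insert signature)
      (mml-quote-region (point-min) cited-end))
    (buffer-string)))

;; Constructed sample: the tag from the thread as it would sit in cited text.
(defconst example-cited
  (concat "> <#part type=application/octet-stream filename=~/passwd"
          " disposition=attachment description=foo>\n"
          "> <#/part>\n"))

(ert-deftest example-cited-tags-are-neutralized ()
  (let ((reply (example-build-reply example-cited "")))
    (should-not (string-match-p example-live-tag-re reply))
    (should (string-match-p "<#!part type=application/octet-stream" reply))
    (should (string-match-p "<#!/part>" reply))))

(ert-deftest example-quoted-tag-gains-one-level ()
  ;; An already-quoted tag gets a second `!', so the one level of
  ;; quoting that sending removes (per the thread) restores the original.
  (should (equal (example-build-reply "> <#!part type=text/plain>\n" "")
                 "> <#!!part type=text/plain>\n")))

(ert-deftest example-signature-is-left-alone ()
  ;; Bounding the region at the end of the cited text (the mark) rather
  ;; than `point-max' keeps a tag in the user's own signature live.
  (let ((reply (example-build-reply
                example-cited
                "-- \n<#part type=text/x-vcard filename=~/me.vcf>\n<#/part>\n")))
    (should (string-match-p "^<#part type=text/x-vcard" reply))
    (should-not (string-match-p "^> <#part" reply))))
```

Run it with `emacs -Q --batch -l mml-reply-quoting-example.el -f ert-run-tests-batch-and-exit`; nothing is sent and no file is read, since `mml-quote-region` only edits buffer text.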


Re: [PATCH] emacs: Quote MML tags in replies

2012-01-19 Thread Pieter Praet
On Thu, 19 Jan 2012 17:52:23 -0500, Aaron Ecay aarone...@gmail.com wrote:
 On Thu, 19 Jan 2012 17:46:31 -0500, Austin Clements amdra...@mit.edu wrote:
   ### OT:
   For some reason, `mml-quote-region' explicitly re-quotes
   already quoted MML tags:
   
 #!*/?\\(multipart\\|part\\|external\\|mml\\)
   
   Why is that ?
  
  Probably so the transformation is invertible, though as far as I can
  tell there's no mml-unquote-region.
 
 Sending the message (or doing M-x mml-preview) undoes the quoting.  So
 if the original message contains an already-quoted tag, constructing the
 reply double-quotes it, and sending the reply will produce the original
 single-quoted tag again.
 

Thanks!

This list just keeps on giving;  Free education, I tell ya...


 -- 
 Aaron Ecay


Peace

-- 
Pieter


Re: [PATCH] emacs: Quote MML tags in replies

2012-01-19 Thread Pieter Praet
On Thu, 19 Jan 2012 17:56:16 -0500, Aaron Ecay aarone...@gmail.com wrote:
 On Thu, 19 Jan 2012 17:48:42 -0500, Austin Clements amdra...@mit.edu wrote:
  Did you consider using point-max instead of mark?  IIRC, that mark was
  very recently introduced which, perhaps irrationally, makes it seem
  less future-proof to me.
 
 Well, if the patch goes in and someone changes the code so that it no
 longer sets the mark (in the same way), they will be the one breaking
 stuff, and they’ll have to come up with the fix themself.  [...]

True that.


 [...] Using point-max
 would include the signature in the quoting as well.  It would probably be
 fairly odd to want to put an MML tag in one’s signature, but that doesn’t
 mean that we should break that usage.
 

So, would I be right to assume MML tags in signatures are never
evaluated to begin with?  Otherwise, there would still be a security
hole, no?


  

(defun notmuch-mua-forward-message ()
  (message-forward)
  
  Speaking of future-proofing, it would be good to have a test.
 
 It would.  ;)  I’ll work on one.
 

Thanks!

These might save you some time:
  id:1310313335-4159-1-git-send-email-pie...@praet.org


 -- 
 Aaron Ecay


Peace

-- 
Pieter


Re: [PATCH] emacs: Quote MML tags in replies

2012-01-19 Thread Aaron Ecay
On Fri, 20 Jan 2012 00:21:08 +0100, Pieter Praet pie...@praet.org wrote:
 So, would I be right to assume MML tags in signatures are never
 evaluated to begin with?  Otherwise, there would still be a security
 hole, no?

I am thinking of MML tags that a user puts in their own signature.
If that case is a security hole, then the hole is in the user’s brain
and not in notmuch.  :)

-- 
Aaron Ecay