Re: [Evolution-hackers] CVE-2011-3201 Issue in evolution

2011-09-12 Thread Matthew Barnes
On Mon, 2011-09-12 at 00:40 -0600, Vibha Yadav wrote: 
> I have following list of files to be blacklisted:

I know we discussed this already, but just to clarify for others: the
blacklist only applies to "attach" parameters in mailto: URLs.  You can
still attach any file manually in the composer window.

I think instead of the blacklist consisting entirely of individual file
names, which we'll constantly have to amend, you can eliminate most of
these and be pretty darn future-proof by applying the following rules:

  - No hidden files (e.g. ".foo").

  - No files in hidden directories (e.g. ".secret/foo").

  - No files under /etc.

  - No files with ".." as a path component.

That leaves only a few individual files in the blacklist, which we can
amend as needed.

When eliminating a file attachment in a mailto: URL, print a message to
the terminal stating so -- "suspicious attachment $FILENAME was removed
for security" -- or something thereabouts.





[Evolution-hackers] CVE-2011-3201 Issue in evolution

2011-09-12 Thread Vibha Yadav
Hi All,

I just came across bug https://bugzilla.redhat.com/show_bug.cgi?id=733504
(CVE-2011-3201, "evolution: mailto: attachment parameter can lead to
accidental data exfiltration").

Going ahead with the blacklist approach in
https://bugzilla.redhat.com/show_bug.cgi?id=733504#c8, I am attaching a
basic patch.

Kindly provide your opinion about the solution and files to be
blacklisted.

I have following list of files to be blacklisted:

"/etc/passwd", "/etc/cipe/options", "/etc/exports", "/etc/gshadow",
"/etc/hosts.allow", "/etc/hosts.deny", "/etc/hosts.equiv",
"/etc/ipsec.secrets", "/etc/lilo.conf", "/etc/ppp/chap-secrets",
"/etc/ppp/pap-secrets", "/etc/samba/smbpasswd", "/etc/securetty",
"/etc/security/access.conf", "/etc/shadow", "/etc/slip/slip.passwd",
"/etc/smbpasswd", "/etc/snmp/snmpd.conf", "/etc/ssh/shosts.equiv",
"/etc/ssh", "/etc/sudoers", "/etc/tripwire", "/etc/vpnd/mysecret.key",
"/etc/vpnd/vpnd.lcl.key", "/etc/vpnd/", "/etc/vtund.conf",
".ICEauthority", ".Xauthority", ".aim/AIM.cfg", ".cvspass",
".fetchmailrc", ".gaimrc", ".gpg/", ".gnome_private/", ".gnupg/",
".micqrc", ".ncftp/firewall", ".nessus.keys", ".netrc",
".pgp/secring.pgp", ".pgp/", ".rhosts", ".shosts",
".silc/private_key.prv", ".ssh", ".vmware", ".vnc/passwd", ".xchat/",
"/root/.ICEauthority", "/root/.Xauthority", "/root/.aim/AIM.cfg",
"/root/.cvspass", "/root/.fetchmailrc", "/root/.gaimrc", "/root/.gpg/",
"/root/.gnome_private/", "/root/.gnupg/","/root/.micqrc",
"/root/.ncftp/firewall", "/root/.nessus.keys", "/root/.netrc",
"/root/.pgp/", "/root/.rhosts", "/root/.shosts",
"/root/.silc/private_key.prv", "/root/.ssh", "/root/.vmware/",
"/root/.vnc/passwd", "/root/.xchat/serverlist.conf",
"/root/.xchat/servers.conf", "/var/log/secure*", ".", ".."

diff --git a/composer/e-msg-composer.c b/composer/e-msg-composer.c
index 22245ea..2939b6a 100644
--- a/composer/e-msg-composer.c
+++ b/composer/e-msg-composer.c
@@ -3998,6 +3998,34 @@ merge_always_cc_and_bcc (EComposerHeaderTable *table,
merge_cc_bcc (addrv, bcc, to, *cc, *bcc);
e_destination_freev (addrv);
 }
+static const gchar *blacklisted_files [] = {"/etc/passwd", 
"/etc/cipe/options", "/etc/exports", "/etc/gshadow", "/etc/hosts.allow", 
"/etc/hosts.deny", 
+   "/etc/hosts.equiv", 
"/etc/ipsec.secrets", "/etc/lilo.conf", "/etc/ppp/chap-secrets", 
+   "/etc/ppp/pap-secrets", 
"/etc/samba/smbpasswd", "/etc/securetty", "/etc/security/access.conf",
+   "/etc/shadow", 
"/etc/slip/slip.passwd", "/etc/smbpasswd", "/etc/snmp/snmpd.conf", 
"/etc/ssh/shosts.equiv",
+   "/etc/ssh", "/etc/sudoers", 
"/etc/tripwire", "/etc/vpnd/mysecret.key", "/etc/vpnd/vpnd.lcl.key", 
"/etc/vpnd/",
+   "/etc/vtund.conf", 
".ICEauthority", ".Xauthority", ".aim/AIM.cfg", ".cvspass", ".fetchmailrc", 
".gaimrc",
+   ".gpg/", ".gnome_private/", 
".gnupg/", ".micqrc", ".ncftp/firewall", ".nessus.keys", ".netrc", 
+   ".pgp/secring.pgp", ".pgp/", 
".rhosts", ".shosts", ".silc/private_key.prv", ".ssh",
+   ".vmware", ".vnc/passwd", 
".xchat/", "/root/.ICEauthority", "/root/.Xauthority", "/root/.aim/AIM.cfg",
+   "/root/.cvspass", 
"/root/.fetchmailrc", "/root/.gaimrc", "/root/.gpg/", "/root/.gnome_private/", 
"/root/.gnupg/",
+   "/root/.micqrc", 
"/root/.ncftp/firewall", "/root/.nessus.keys", "/root/.netrc", "/root/.pgp/", 
"/root/.rhosts",
+   "/root/.shosts", 
"/root/.silc/private_key.prv", "/root/.ssh", "/root/.vmware/", 
"/root/.vnc/passwd",
+   "/root/.xchat/serverlist.conf", 
"/root/.xchat/servers.conf", "/var/log/secure*", ".", ".."};
+
+gboolean check_blacklisted_file (gchar *filename)
+{
+   gboolean blacklisted = FALSE;
+   gint i,len;
+
+   for(i = 0; !blacklisted && i < G_N_ELEMENTS(blacklisted_files); i++)
+   {
+   len = strlen(blacklisted_files[i]);
+   if(g_strstr_len(filename, len, blacklisted_files[i]))
+   blacklisted = TRUE;
+   }
+   
+   return blacklisted;
+}
 
 static void
 handle_mailto (EMsgComposer *composer,
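Review bot: `check_blacklisted_file` calls `g_strstr_len (filename, len, blacklisted_files[i])` with `len` equal to the entry's own length, so the needle can only ever be found at offset 0 and the check degrades to an unanchored prefix comparison: an absolute attach path such as `/home/me/.ssh/id_rsa` is never caught by the `.ssh` entry (nor by any other relative entry), while `/etc/ssh` also rejects `/etc/sshd_config`. Two entries behave differently from their apparent intent for the same reason: the `*` in `/var/log/secure*` is a literal character, so that entry matches nothing, and `.` matches any relative name that merely begins with a dot. The function is also not `static` and takes a non-const `gchar *` although it only reads the string. I would anchor matches on path-component boundaries and try relative (dotfile) entries at every component start, as below; whether the value reaching this function is absolute, relative or still contains `..` segments is decided in `handle_mailto`, whose body lies outside this hunk, so canonicalizing the path before the check would be prudent.
```c
/* TRUE when PREFIX names PATH itself or a leading run of its components;
 * the match must end on a '/' boundary so "/etc/ssh" does not reject
 * "/etc/sshd_config". */
static gboolean
path_has_prefix (const gchar *path,
                 const gchar *prefix)
{
	gsize len = strlen (prefix);

	if (strncmp (path, prefix, len) != 0)
		return FALSE;

	return path[len] == '\0' || path[len] == '/' || prefix[len - 1] == '/';
}

static gboolean
check_blacklisted_file (const gchar *filename)
{
	guint i;

	for (i = 0; i < G_N_ELEMENTS (blacklisted_files); i++) {
		const gchar *entry = blacklisted_files[i];
		const gchar *p;

		/* absolute entries are anchored at the start of the path */
		if (g_path_is_absolute (entry)) {
			if (path_has_prefix (filename, entry))
				return TRUE;
			continue;
		}

		/* relative entries (".ssh", ".pgp/") are dotfiles that can live
		 * under any home directory: try them at every component start */
		for (p = filename; p != NULL; ) {
			if (path_has_prefix (p, entry))
				return TRUE;
			p = strchr (p, '/');
			if (p != NULL)
				p++;
		}
	}

	return FALSE;
}
```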
@@ -4090,8 +4118,17 @@ handle_mailto (EMsgComposer *composer,
} else if (!g_ascii_strcasecmp (header, "attach") ||
   !g_ascii_strcasecmp (header, "attachment")) {
EAttachment *attachment;
+   gboolean check = FALSE;
+   GError *error = NULL;
 
camel_url_decode (content);
+   check