[Evolution-hackers] CVE-2011-3201 Issue in evolution

2011-09-12 Thread Vibha Yadav
Hi All,

I just came across the bug
https://bugzilla.redhat.com/show_bug.cgi?id=733504 , CVE-2011-3201
evolution: mailto: attachment parameter can lead to accidental data

Going ahead with the blacklist approach in
https://bugzilla.redhat.com/show_bug.cgi?id=733504#c8, I am attaching a
basic patch.

Kindly provide your opinion about the solution and files to be

I have following list of files to be blacklisted:

/etc/passwd, /etc/cipe/options, /etc/exports, /etc/gshadow,
/etc/hosts.allow, /etc/hosts.deny, /etc/hosts.equiv,
/etc/ipsec.secrets, /etc/lilo.conf, /etc/ppp/chap-secrets,
/etc/ppp/pap-secrets, /etc/samba/smbpasswd, /etc/securetty,
/etc/security/access.conf, /etc/shadow, /etc/slip/slip.passwd,
/etc/smbpasswd, /etc/snmp/snmpd.conf, /etc/ssh/shosts.equiv,
/etc/ssh, /etc/sudoers, /etc/tripwire, /etc/vpnd/mysecret.key,
/etc/vpnd/vpnd.lcl.key, /etc/vpnd/, /etc/vtund.conf,
.ICEauthority, .Xauthority, .aim/AIM.cfg, .cvspass,
.fetchmailrc, .gaimrc, .gpg/, .gnome_private/, .gnupg/,
.micqrc, .ncftp/firewall, .nessus.keys, .netrc,
.pgp/secring.pgp, .pgp/, .rhosts, .shosts,
.silc/private_key.prv, .ssh, .vmware, .vnc/passwd, .xchat/,
/root/.ICEauthority, /root/.Xauthority, /root/.aim/AIM.cfg,
/root/.cvspass, /root/.fetchmailrc, /root/.gaimrc, /root/.gpg/,
/root/.gnome_private/, /root/.gnupg/,/root/.micqrc,
/root/.ncftp/firewall, /root/.nessus.keys, /root/.netrc,
/root/.pgp/, /root/.rhosts, /root/.shosts,
/root/.silc/private_key.prv, /root/.ssh, /root/.vmware/,
/root/.vnc/passwd, /root/.xchat/serverlist.conf,
/root/.xchat/servers.conf, /var/log/secure*, ., ..

diff --git a/composer/e-msg-composer.c b/composer/e-msg-composer.c
index 22245ea..2939b6a 100644
--- a/composer/e-msg-composer.c
+++ b/composer/e-msg-composer.c
@@ -3998,6 +3998,34 @@ merge_always_cc_and_bcc (EComposerHeaderTable *table,
merge_cc_bcc (addrv, bcc, to, *cc, *bcc);
e_destination_freev (addrv);
+static const gchar *blacklisted_files [] = {/etc/passwd, 
/etc/cipe/options, /etc/exports, /etc/gshadow, /etc/hosts.allow, 
+   /etc/hosts.equiv, 
/etc/ipsec.secrets, /etc/lilo.conf, /etc/ppp/chap-secrets, 
+   /etc/ppp/pap-secrets, 
/etc/samba/smbpasswd, /etc/securetty, /etc/security/access.conf,
+   /etc/shadow, 
/etc/slip/slip.passwd, /etc/smbpasswd, /etc/snmp/snmpd.conf, 
+   /etc/ssh, /etc/sudoers, 
/etc/tripwire, /etc/vpnd/mysecret.key, /etc/vpnd/vpnd.lcl.key, 
+   /etc/vtund.conf, 
.ICEauthority, .Xauthority, .aim/AIM.cfg, .cvspass, .fetchmailrc, 
+   .gpg/, .gnome_private/, 
.gnupg/, .micqrc, .ncftp/firewall, .nessus.keys, .netrc, 
+   .pgp/secring.pgp, .pgp/, 
.rhosts, .shosts, .silc/private_key.prv, .ssh,
+   .vmware, .vnc/passwd, 
.xchat/, /root/.ICEauthority, /root/.Xauthority, /root/.aim/AIM.cfg,
+   /root/.cvspass, 
/root/.fetchmailrc, /root/.gaimrc, /root/.gpg/, /root/.gnome_private/, 
+   /root/.micqrc, 
/root/.ncftp/firewall, /root/.nessus.keys, /root/.netrc, /root/.pgp/, 
+   /root/.shosts, 
/root/.silc/private_key.prv, /root/.ssh, /root/.vmware/, 
+   /root/.xchat/serverlist.conf, 
/root/.xchat/servers.conf, /var/log/secure*, ., ..};
+gboolean check_blacklisted_file (gchar *filename)
+   gboolean blacklisted = FALSE;
+   gint i,len;
+   for(i = 0; !blacklisted  i  G_N_ELEMENTS(blacklisted_files); i++)
+   {
+   len = strlen(blacklisted_files[i]);
+   if(g_strstr_len(filename, len, blacklisted_files[i]))
+   blacklisted = TRUE;
+   }
+   return blacklisted;
 static void
 handle_mailto (EMsgComposer *composer,
@@ -4090,8 +4118,17 @@ handle_mailto (EMsgComposer *composer,
} else if (!g_ascii_strcasecmp (header, attach) ||
   !g_ascii_strcasecmp (header, attachment)) {
EAttachment *attachment;
+   gboolean check = FALSE;
+   GError *error = NULL;
camel_url_decode (content);
+   check = check_blacklisted_file(content);
+   if(check)
+   {
+   g_warning(Blacklisted File);
+   g_set_error(error, CAMEL_ERROR, 

Re: [Evolution-hackers] CVE-2011-3201 Issue in evolution

2011-09-12 Thread Matthew Barnes
On Mon, 2011-09-12 at 00:40 -0600, Vibha Yadav wrote: 
 I have following list of files to be blacklisted:

I know we discussed this already, but just to clarify for others: the
blacklist only applies to attach parameters in mailto: URLs.  You can
still attach any file manually in the composer window.

I think instead of the blacklist consisting entirely of individual file
names, which we'll constantly have to amend, you can eliminate most of
these and be pretty darn future-proof by applying the following rules:

  - No hidden files (e.g. .foo).

  - No files in hidden directories (e.g. .secret/foo).

  - No files under /etc.

  - No files with .. as a path component.

That leaves only a few individual files in the blacklist, which we can
amend as needed.

When eliminating a file attachment in a mailto: URL, print a message to
the terminal stating so -- suspicious attachment $FILENAME was removed
for security -- or something thereabouts.

evolution-hackers mailing list
To change your list options or unsubscribe, visit ...