Hi All,
I just came across the bug
https://bugzilla.redhat.com/show_bug.cgi?id=733504 , CVE-2011-3201
evolution: mailto: attachment parameter can lead to accidental data
exfiltration.
Going ahead with the blacklist approach in
https://bugzilla.redhat.com/show_bug.cgi?id=733504#c8, I am attaching a
basic patch.
Kindly provide your opinion about the solution and files to be
blacklisted.
I have following list of files to be blacklisted:
/etc/passwd, /etc/cipe/options, /etc/exports, /etc/gshadow,
/etc/hosts.allow, /etc/hosts.deny, /etc/hosts.equiv,
/etc/ipsec.secrets, /etc/lilo.conf, /etc/ppp/chap-secrets,
/etc/ppp/pap-secrets, /etc/samba/smbpasswd, /etc/securetty,
/etc/security/access.conf, /etc/shadow, /etc/slip/slip.passwd,
/etc/smbpasswd, /etc/snmp/snmpd.conf, /etc/ssh/shosts.equiv,
/etc/ssh, /etc/sudoers, /etc/tripwire, /etc/vpnd/mysecret.key,
/etc/vpnd/vpnd.lcl.key, /etc/vpnd/, /etc/vtund.conf,
.ICEauthority, .Xauthority, .aim/AIM.cfg, .cvspass,
.fetchmailrc, .gaimrc, .gpg/, .gnome_private/, .gnupg/,
.micqrc, .ncftp/firewall, .nessus.keys, .netrc,
.pgp/secring.pgp, .pgp/, .rhosts, .shosts,
.silc/private_key.prv, .ssh, .vmware, .vnc/passwd, .xchat/,
/root/.ICEauthority, /root/.Xauthority, /root/.aim/AIM.cfg,
/root/.cvspass, /root/.fetchmailrc, /root/.gaimrc, /root/.gpg/,
/root/.gnome_private/, /root/.gnupg/,/root/.micqrc,
/root/.ncftp/firewall, /root/.nessus.keys, /root/.netrc,
/root/.pgp/, /root/.rhosts, /root/.shosts,
/root/.silc/private_key.prv, /root/.ssh, /root/.vmware/,
/root/.vnc/passwd, /root/.xchat/serverlist.conf,
/root/.xchat/servers.conf, /var/log/secure*, ., ..
diff --git a/composer/e-msg-composer.c b/composer/e-msg-composer.c
index 22245ea..2939b6a 100644
--- a/composer/e-msg-composer.c
+++ b/composer/e-msg-composer.c
@@ -3998,6 +3998,34 @@ merge_always_cc_and_bcc (EComposerHeaderTable *table,
merge_cc_bcc (addrv, bcc, to, *cc, *bcc);
e_destination_freev (addrv);
}
+static const gchar *blacklisted_files [] = {/etc/passwd,
/etc/cipe/options, /etc/exports, /etc/gshadow, /etc/hosts.allow,
/etc/hosts.deny,
+ /etc/hosts.equiv,
/etc/ipsec.secrets, /etc/lilo.conf, /etc/ppp/chap-secrets,
+ /etc/ppp/pap-secrets,
/etc/samba/smbpasswd, /etc/securetty, /etc/security/access.conf,
+ /etc/shadow,
/etc/slip/slip.passwd, /etc/smbpasswd, /etc/snmp/snmpd.conf,
/etc/ssh/shosts.equiv,
+ /etc/ssh, /etc/sudoers,
/etc/tripwire, /etc/vpnd/mysecret.key, /etc/vpnd/vpnd.lcl.key,
/etc/vpnd/,
+ /etc/vtund.conf,
.ICEauthority, .Xauthority, .aim/AIM.cfg, .cvspass, .fetchmailrc,
.gaimrc,
+ .gpg/, .gnome_private/,
.gnupg/, .micqrc, .ncftp/firewall, .nessus.keys, .netrc,
+ .pgp/secring.pgp, .pgp/,
.rhosts, .shosts, .silc/private_key.prv, .ssh,
+ .vmware, .vnc/passwd,
.xchat/, /root/.ICEauthority, /root/.Xauthority, /root/.aim/AIM.cfg,
+ /root/.cvspass,
/root/.fetchmailrc, /root/.gaimrc, /root/.gpg/, /root/.gnome_private/,
/root/.gnupg/,
+ /root/.micqrc,
/root/.ncftp/firewall, /root/.nessus.keys, /root/.netrc, /root/.pgp/,
/root/.rhosts,
+ /root/.shosts,
/root/.silc/private_key.prv, /root/.ssh, /root/.vmware/,
/root/.vnc/passwd,
+ /root/.xchat/serverlist.conf,
/root/.xchat/servers.conf, /var/log/secure*, ., ..};
+
+gboolean check_blacklisted_file (gchar *filename)
+{
+ gboolean blacklisted = FALSE;
+ gint i,len;
+
+ for(i = 0; !blacklisted i G_N_ELEMENTS(blacklisted_files); i++)
+ {
+ len = strlen(blacklisted_files[i]);
+ if(g_strstr_len(filename, len, blacklisted_files[i]))
+ blacklisted = TRUE;
+ }
+
+ return blacklisted;
+}
static void
handle_mailto (EMsgComposer *composer,
@@ -4090,8 +4118,17 @@ handle_mailto (EMsgComposer *composer,
} else if (!g_ascii_strcasecmp (header, attach) ||
!g_ascii_strcasecmp (header, attachment)) {
EAttachment *attachment;
+ gboolean check = FALSE;
+ GError *error = NULL;
camel_url_decode (content);
+ check = check_blacklisted_file(content);
+ if(check)
+ {
+ g_warning(Blacklisted File);
+ g_set_error(error, CAMEL_ERROR,
CAMEL_ERROR_GENERIC,
+