From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Daniel Colascione Newsgroups: gmane.emacs.bugs Subject: bug#18967: Tramp disables important SSH security features Date: Thu, 06 Nov 2014 00:47:40 +0000 Message-ID: <545AC52C.1090807@dancol.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="xXl1JqxlMGcUo1iOb6EOGR2UTh6EaeWXa" X-Trace: ger.gmane.org 1415234967 32277 80.91.229.3 (6 Nov 2014 00:49:27 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 6 Nov 2014 00:49:27 +0000 (UTC) To: 18967@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Nov 06 01:49:21 2014 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1XmBGK-0001Iv-LI for geb-bug-gnu-emacs@m.gmane.org; Thu, 06 Nov 2014 01:49:20 +0100 Original-Received: from localhost ([::1]:49299 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XmBGK-00050a-9O for geb-bug-gnu-emacs@m.gmane.org; Wed, 05 Nov 2014 19:49:20 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:43760) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XmBG9-0004zl-Uk for bug-gnu-emacs@gnu.org; Wed, 05 Nov 2014 19:49:17 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XmBG2-0004pg-8h for bug-gnu-emacs@gnu.org; Wed, 05 Nov 2014 19:49:09 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:53392) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XmBG2-0004pa-56 for bug-gnu-emacs@gnu.org; Wed, 05 Nov 2014 19:49:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1XmBG1-0002Of-Ms for bug-gnu-emacs@gnu.org; Wed, 05 Nov 2014 19:49:01 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Daniel Colascione Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 06 Nov 2014 00:49:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 18967 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: X-Debbugs-Original-To: bug-emacs Original-Received: via spool by submit@debbugs.gnu.org id=B.14152349019076 (code B ref -1); Thu, 06 Nov 2014 00:49:01 +0000 Original-Received: (at submit) by debbugs.gnu.org; 6 Nov 2014 00:48:21 +0000 Original-Received: from localhost ([127.0.0.1]:50605 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XmBFM-0002MI-Mz for submit@debbugs.gnu.org; Wed, 05 Nov 2014 19:48:20 -0500 Original-Received: from eggs.gnu.org ([208.118.235.92]:41847) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XmBFK-0002M5-8s for submit@debbugs.gnu.org; Wed, 05 Nov 2014 19:48:18 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XmBFB-0004jh-QD for submit@debbugs.gnu.org; Wed, 05 Nov 2014 19:48:17 -0500 Original-Received: from lists.gnu.org ([2001:4830:134:3::11]:48635) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XmBFB-0004jc-NK for submit@debbugs.gnu.org; Wed, 05 Nov 2014 19:48:09 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:43533) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XmBF5-0004sw-87 for bug-gnu-emacs@gnu.org; Wed, 05 Nov 2014 19:48:09 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XmBEy-0004hw-Li for bug-gnu-emacs@gnu.org; Wed, 05 Nov 2014 19:48:03 -0500 Original-Received: from dancol.org ([96.126.100.184]:50390) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XmBEy-0004hD-9u for bug-gnu-emacs@gnu.org; Wed, 05 Nov 2014 19:47:56 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dancol.org; s=x; h=Content-Type:Subject:To:MIME-Version:From:Date:Message-ID; bh=rh7AY1tR7Th8Sxtx7Kuaa2qsSu2mYdhyYF2zUbn7DHM=; b=neSvEHv4cMNMDJpv0SPRZ9+l2pAdu8u9AofA819j8qvMNw0Jnzf7skI/1htzbSN9nKJgqQk1bnnbjG8qBsCuDBP1v20Ag6s/J6RQXSQmBk60HG2zY1OfkjfLcNbdOMqpvVUfslD53MzWEMXihiQ1VSMFdrP490TlNy6wK294fd+EwAmr176qBQzAbcaBhwEjSyz2+FsIJKSny+9bBG8sDKuFNs5pZBanGBEEFVv8pHxrBTaoXx3U1vsOMyZIFL7VRT2Ik0CoHkz+6JP5jaASGSkqQ7WrfMkmVgh9wkO7kDmN1pJ6YLh4CNgNGA0ffQR/eaZ6q0ChO2sAUshoEIUIuA==; Original-Received: from [199.201.65.2] (helo=[172.30.31.127]) by dancol.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84) (envelope-from ) id 1XmBEp-0000MD-Ju for bug-gnu-emacs@gnu.org; Wed, 05 Nov 2014 16:47:47 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:95589 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --xXl1JqxlMGcUo1iOb6EOGR2UTh6EaeWXa Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Tramp disables SSH host key checks by setting GlobalKnownHostsFile=3D/dev/null, UserKnownHostsFile=3D/dev/null, and StrictHostKeyChecking=3Dno in its default method configuration. These settings allow attackers to intercept connections to remote hosts, sniff passwords, and cause other mischief. I don't think we should ship an insecure configuration. --xXl1JqxlMGcUo1iOb6EOGR2UTh6EaeWXa Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJUWsUsAAoJEN4WImmbpWBlJ0oP/jU+WEC4WKvS9c88H0Jj3S31 4EU9mTE7GlII62jJadY6uYsv/WdpfwkJ6pfpCwjB70/vdR36ezOHXT+NctqtOPoi Y2w8ufCJkVF8+H45x7cV8d5Ooj2hFn2YjwHth1IbYmm0oDzIRKrKWJd08SWWXUxt OQv5k8wVQD4CAUxg6MRBIGIFF6/6FpJwpxgsiEDeHBexxytxry0kF0CzS+7X+1gb QbRDcRZAg2t3mI/I3tujKIVA8rqGnFqwowfiekfJZ3gwlnGYn23PvJRVF6Jf6Nzz FrW5SkRmsaVUSCsw1iUy+d814uvw21DHHeHHbIY4pHjvSG3O13tpDWsJP3yJBAlI vSc4aHivClnH2da7hvotC1l/OCfXFoHU1E3/6LYsxkrsZa/toPg1M4ZVMLdhGKwn CCBwluyhcXx199q6Oxe8BJZaXAKftsAzVWSxnKnShlCzIVum/e1mHdgZhe+GC1qJ qw8s3PAVKPHbe79kqFwSN2xjYO+b1q7HUoNhoVvC5lsmFVgWRnSZThXMxsfQRG/o gE2W/TrbYcEvugsQZqJqzpR+KwypO3FnAcEMN3JqQijcgmil04nDYwy3hXqR0cw7 LLfVaXIYjGnyAxgeGG5wXuxagFnx/6mAuCrtc7egY3jBxiLMOPR0secykaq/HB6p uhVrNq6EsAnxRomA3EDM =2IvW -----END PGP SIGNATURE----- --xXl1JqxlMGcUo1iOb6EOGR2UTh6EaeWXa--