From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Daniel Kahn Gillmor Newsgroups: gmane.emacs.bugs Subject: bug#25429: 24.5; mml-secure-message-encrypt-pgpmime warns about some User IDs with unknown validity but not about others Date: Thu, 12 Jan 2017 11:02:44 -0500 Message-ID: <87mvewqna3.fsf@alice.fifthhorseman.net> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Trace: blaine.gmane.org 1484240145 18897 195.159.176.226 (12 Jan 2017 16:55:45 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Thu, 12 Jan 2017 16:55:45 +0000 (UTC) To: 25429@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Jan 12 17:55:39 2017 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cRiev-0003ad-Nm for geb-bug-gnu-emacs@m.gmane.org; Thu, 12 Jan 2017 17:55:30 +0100 Original-Received: from localhost ([::1]:35188 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cRiey-0001lx-Jo for geb-bug-gnu-emacs@m.gmane.org; Thu, 12 Jan 2017 11:55:32 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:51872) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cRiXm-0002o1-OG for bug-gnu-emacs@gnu.org; Thu, 12 Jan 2017 11:48:11 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cRiXi-0002iH-9W for bug-gnu-emacs@gnu.org; Thu, 12 Jan 2017 11:48:06 -0500 Original-Received: from debbugs.gnu.org ([208.118.235.43]:36344) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1cRiXi-0002i1-6E for bug-gnu-emacs@gnu.org; Thu, 12 Jan 2017 11:48:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1cRiXi-0002VY-09 for bug-gnu-emacs@gnu.org; Thu, 12 Jan 2017 11:48:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Daniel Kahn Gillmor Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 12 Jan 2017 16:48:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 25429 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Original-Received: via spool by submit@debbugs.gnu.org id=B.14842396369574 (code B ref -1); Thu, 12 Jan 2017 16:48:01 +0000 Original-Received: (at submit) by debbugs.gnu.org; 12 Jan 2017 16:47:16 +0000 Original-Received: from localhost ([127.0.0.1]:51743 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cRiWy-0002UK-3u for submit@debbugs.gnu.org; Thu, 12 Jan 2017 11:47:16 -0500 Original-Received: from eggs.gnu.org ([208.118.235.92]:60734) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cRiWw-0002U7-T0 for submit@debbugs.gnu.org; Thu, 12 Jan 2017 11:47:15 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cRiWn-0002Do-QC for submit@debbugs.gnu.org; Thu, 12 Jan 2017 11:47:09 -0500 Original-Received: from lists.gnu.org ([2001:4830:134:3::11]:38980) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cRiWf-00027Q-He for submit@debbugs.gnu.org; Thu, 12 Jan 2017 11:47:05 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:51656) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cRiWa-0001pQ-8O for bug-gnu-emacs@gnu.org; Thu, 12 Jan 2017 11:46:57 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cRiWV-000232-4G for bug-gnu-emacs@gnu.org; Thu, 12 Jan 2017 11:46:52 -0500 Original-Received: from che.mayfirst.org ([162.247.75.118]:50004) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cRiWK-0001zT-EN for bug-gnu-emacs@gnu.org; Thu, 12 Jan 2017 11:46:47 -0500 Original-Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 1DFA4F99A for ; Thu, 12 Jan 2017 11:46:32 -0500 (EST) Original-Received: by fifthhorseman.net (Postfix, from userid 1000) id A91E220588; Thu, 12 Jan 2017 11:02:48 -0500 (EST) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:128038 Archived-At: --=-=-= Content-Type: text/plain This is a security bug in Emacs' mml mode when composing encrypted mail. The flaw allows an attacker to potentially trigger selection of the wrong key, and to evade a warning from gpg. Here's the situation: I'm composing a mesage in emacs in mml-mode (using notmuch, fwiw, though i don't think that matters here), and i want to send it encrypted. I use mml-secure-message-encrypt-pgpmime (via C-c RET c p) to encrypt the message. I have two friends, Alice and Bob, who have OpenPGP certificates that look like this: pub rsa4096 2016-06-02 [SC] 80213BD8FF27C90997B9F87215EA6D25570092DE uid [ unknown] Alice uid [ full ] Alice sub rsa4096 2016-06-02 [E] pub rsa4096 2016-08-16 [SC] F3CCEF926FE16622B7050F0804AEEB8BE699F289 uid [ unknown] Bob sub rsa4096 2016-08-16 [E] These are the only certs in my keyring other than my own. Note that i've managed to certify Alice's example.com User ID, but not her example.org User ID (she probably added that User ID after i checked signatures). When the mail is addressed only to bob@example.net, i get this warning when sending; if i answer "n" then the message doesn't go out: Untrusted key 04AEEB8BE699F289 Bob . Use anyway? (y or n) When the mail is addressed only to alice@example.com, i get no such warning, the message is just signed, encrypted, and sent. So far, so good :) However, when i send mail to alice@example.org, i *also* get no warning, despite the fact that the alice@example.org User ID has the same level of calculated validity as the bob@example.net User ID. This points to a nitpick and a real underlying problem, both related. Nitpick first: * The message "Untrusted key" warning message is misleading, since this has nothing to do with GnuPG's concept of "trust", or of the key. Instead, it should be looking at the validity of the binding between the User ID and the key. So the message should say something like: Unknown validity of key 04AEEB8BE699F289 for 'Bob '. Use anyway? And the real problem: * it looks like mml is actually basing its decision about the warning on the *maximum* validity of all User IDs on the certificate as a whole, rather than on the validity of the User ID that it cares about. This is a security flaw. Consider the situation above, but where Alice decides she wants to be able to read Bob's encrypted mail. If she were to add a new User ID to her OpenPGP certificate that was "bob@example.net", and i imported that cert into my keyring (e.g. while doing regular refreshes from the keyserver) then future messages that i encrypt to Bob would *not* have the warning, and would be encrypted to the wrong key. So mml is not testing the right information reported by gpg when it makes this decision. --dkg In GNU Emacs 24.5.1 (x86_64-pc-linux-gnu, GTK+ Version 3.22.5) of 2016-12-18 on x86-ubc-01, modified by Debian Windowing system distributor `The X.Org Foundation', version 11.0.11900000 System Description: Debian GNU/Linux testing (stretch) Configured using: `configure --build x86_64-linux-gnu --prefix=/usr --sharedstatedir=/var/lib --libexecdir=/usr/lib --localstatedir=/var/lib --infodir=/usr/share/info --mandir=/usr/share/man --with-pop=yes --enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.5/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.5/site-lisp:/usr/share/emacs/site-lisp --build x86_64-linux-gnu --prefix=/usr --sharedstatedir=/var/lib --libexecdir=/usr/lib --localstatedir=/var/lib --infodir=/usr/share/info --mandir=/usr/share/man --with-pop=yes --enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.5/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.5/site-lisp:/usr/share/emacs/site-lisp --with-x=yes --with-x-toolkit=gtk3 --with-toolkit-scroll-bars 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/emacs24-aUhNHM/emacs24-24.5+1=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -fno-PIE' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'LDFLAGS=-Wl,-z,relro -no-pie'' Important settings: value of $LANG: en_US.UTF-8 locale-coding-system: utf-8-unix --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOCdgUepHf6PklTkyFJitxsGSMjcFAlh3qKUACgkQFJitxsGS Mjf6YRAAhvjAtlkHRSCFYIMpiS0kyH9cytfjR0LBypK+a2Zo93tBnaUIPy/2MGx5 6FVqDv24dWOO83GL0i3t5jqoWWznaJpfmRhhND5injpJwJRKU0NPxOgsJIFX0TwL K18X2XkyktrXrwN3azZL3enYe+zEYvHXMQo+MBWDdaDYhqaKcWnB5gwBp9tLLBfa KrG40aCi9+ALbFCtoB5PqIIb2SoQDGeULjREpNijICE7wLINuM7XPJ1btb8OoIhF xLlMG8kEOUY/IKJ0DT0KDR5veL8P+iyrDSmNHE6DW81Zc4Dfjm9K1uywBnbFAFi8 eqLKLuTBaZkfsQzOtZ7b+bpP/AmhGGk1S/cXuOJacvuQZk/A4MlpiZ40h1xh57Vq unibe5r5kqsq/R0Y53eKPleXtEUGUMB1x9pzBjIl7e0Lbjno1Q9Tw2XJUnIs4WAV c5aITnVDugcHg5MBQ+cWMihUwYQrMkraNSF4bKNIX+kffQ1xvkRdrk96eQtN/ND0 amQaSsZkiG4D4sthpA98aae8hscuTzlC04e2cu4LEyqfP9kndEh/Lj/VAzCNG33T +DWIqFDoH2WNddrulA1B/5x5L+P+iCMSltNqXypDpqqpVJgzgvw+a2bymr+HU8cW IVFlbKOSvaE+elt/uheb0SwYuIluT8Q+pFAMsA474VxCq4JyvRA= =x+r6 -----END PGP SIGNATURE----- --=-=-=--