unofficial mirror of notmuch@notmuchmail.org
 help / color / mirror / code / Atom feed
* [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail
@ 2014-08-29 18:05 David Bremner
  2014-08-30  7:37 ` Jani Nikula
  2021-12-26 11:28 ` David Bremner
  0 siblings, 2 replies; 11+ messages in thread
From: David Bremner @ 2014-08-29 18:05 UTC (permalink / raw)
  To: notmuch


[-- Attachment #0: Type: message/rfc822, Size: 6349 bytes --]

[-- Attachment #1.1: Type: text/plain, Size: 1656 bytes --]

Package: notmuch-emacs
Version: 0.18.1-1
Severity: normal

Thanks for notmuch-emacs!

When sending mail from notmuch-emacs interface, I usually use pgpmine
signatures, but sometimes I want to send a signed encrypted message, so
I manually edit the mode=sign to mode=signencrypt ... but if I make a
typo, i.e. mode=signinvalidencrypt, notmuch happily and without warning
sends the mail unencrypted.

i.e. #secure method=pgpmime mode=signinvalidencrypt will end up
sending an encrypted message (with the <>, of course).

It seems like it should error out if the mode= is set to an invalid or
unknown value, rather than sending mail in the clear.

I've got this set up in ~/.emacs, not sure what all else might be coming
into play:

 '(message-setup-hook (quote (mml-secure-message-sign)))
 '(notmuch-crypto-process-mime t)


live well,
  vagrant


-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (120, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
armhf

Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages notmuch depends on:
ii  libc6           2.19-9
ii  libglib2.0-0    2.40.0-4
ii  libgmime-2.6-0  2.6.20-1
ii  libnotmuch3     0.18.1-1
ii  libtalloc2      2.1.1-2
ii  zlib1g          1:1.2.8.dfsg-1

Versions of packages notmuch recommends:
ii  alot           0.3.5-2
ii  gnupg-agent    2.0.25-2
ii  notmuch-emacs  0.18.1-1
ii  notmuch-mutt   0.18.1-1
ii  notmuch-vim    0.18.1-1

notmuch suggests no packages.

-- no debconf information

[-- Attachment #1.2: Type: application/pgp-signature, Size: 818 bytes --]

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail
  2014-08-29 18:05 [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail David Bremner
@ 2014-08-30  7:37 ` Jani Nikula
  2014-09-02  5:57   ` Daniel Kahn Gillmor
  2021-12-26 11:28 ` David Bremner
  1 sibling, 1 reply; 11+ messages in thread
From: Jani Nikula @ 2014-08-30  7:37 UTC (permalink / raw)
  To: David Bremner, notmuch

On Thu, 28 Aug 2014, Vagrant Cascadian <vagrant@debian.org> wrote:
> When sending mail from notmuch-emacs interface, I usually use pgpmine
> signatures, but sometimes I want to send a signed encrypted message, so
> I manually edit the mode=sign to mode=signencrypt ... but if I make a
> typo, i.e. mode=signinvalidencrypt, notmuch happily and without warning
> sends the mail unencrypted.
> 
> i.e. #secure method=pgpmime mode=signinvalidencrypt will end up
> sending an encrypted message (with the <>, of course).
> 
> It seems like it should error out if the mode= is set to an invalid or
> unknown value, rather than sending mail in the clear.
> 
> I've got this set up in ~/.emacs, not sure what all else might be coming
> into play:
> 
>  '(message-setup-hook (quote (mml-secure-message-sign)))
>  '(notmuch-crypto-process-mime t)

I'm inclined to think this is a bug in message-mode. But we should
probably try to see what we could do to mitigate this.

As a workaround of sorts, I'd suggest not messing with the #secure tag
manually. Instead, you can use mml-secure-message-sign and
mml-secure-message-sign-encrypt to change the mode.

BR,
Jani.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail
  2014-08-30  7:37 ` Jani Nikula
@ 2014-09-02  5:57   ` Daniel Kahn Gillmor
  2014-09-02  8:02     ` Tomi Ollila
  0 siblings, 1 reply; 11+ messages in thread
From: Daniel Kahn Gillmor @ 2014-09-02  5:57 UTC (permalink / raw)
  To: Jani Nikula, David Bremner, notmuch

[-- Attachment #1: Type: text/plain, Size: 450 bytes --]

On 08/30/2014 03:37 AM, Jani Nikula wrote:
> I'm inclined to think this is a bug in message-mode. 

I agree it's a bug in message-mode, not in notmuch itself.

> As a workaround of sorts, I'd suggest not messing with the #secure tag
> manually. Instead, you can use mml-secure-message-sign and
> mml-secure-message-sign-encrypt to change the mode.

the keybindings for those are usually:

 C-c RET s p
 C-c RET c p

hth,

	--dkg



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 949 bytes --]

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail
  2014-09-02  5:57   ` Daniel Kahn Gillmor
@ 2014-09-02  8:02     ` Tomi Ollila
  2014-11-12 20:17       ` David Edmondson
  0 siblings, 1 reply; 11+ messages in thread
From: Tomi Ollila @ 2014-09-02  8:02 UTC (permalink / raw)
  To: Daniel Kahn Gillmor, Jani Nikula, David Bremner, notmuch

On Tue, Sep 02 2014, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:

> On 08/30/2014 03:37 AM, Jani Nikula wrote:
>> I'm inclined to think this is a bug in message-mode. 
>
> I agree it's a bug in message-mode, not in notmuch itself.

I think it might be here:

http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258

(it takes time to load, please wait...)

If cond does not match, then don't fail...

Tomi

>
>> As a workaround of sorts, I'd suggest not messing with the #secure tag
>> manually. Instead, you can use mml-secure-message-sign and
>> mml-secure-message-sign-encrypt to change the mode.
>
> the keybindings for those are usually:
>
>  C-c RET s p
>  C-c RET c p
>
> hth,
>
> 	--dkg
>
>
> _______________________________________________
> notmuch mailing list
> notmuch@notmuchmail.org
> http://notmuchmail.org/mailman/listinfo/notmuch

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail
  2014-09-02  8:02     ` Tomi Ollila
@ 2014-11-12 20:17       ` David Edmondson
  2014-11-29 19:09         ` David Bremner
  0 siblings, 1 reply; 11+ messages in thread
From: David Edmondson @ 2014-11-12 20:17 UTC (permalink / raw)
  To: Tomi Ollila, Daniel Kahn Gillmor, Jani Nikula, David Bremner, notmuch

On Tue, Sep 02 2014, Tomi Ollila wrote:
> On Tue, Sep 02 2014, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
>
>> On 08/30/2014 03:37 AM, Jani Nikula wrote:
>>> I'm inclined to think this is a bug in message-mode. 
>>
>> I agree it's a bug in message-mode, not in notmuch itself.
>
> I think it might be here:
>
> http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258
>
> (it takes time to load, please wait...)
>
> If cond does not match, then don't fail...

This looks to have been fixed in emacs at the end of September 2014.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail
  2014-11-12 20:17       ` David Edmondson
@ 2014-11-29 19:09         ` David Bremner
  2014-12-01  6:41           ` David Edmondson
  2016-02-08 17:52           ` David Edmondson
  0 siblings, 2 replies; 11+ messages in thread
From: David Bremner @ 2014-11-29 19:09 UTC (permalink / raw)
  To: notmuch, 759646

David Edmondson <dme@dme.org> writes:

> On Tue, Sep 02 2014, Tomi Ollila wrote:
>> On Tue, Sep 02 2014, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
>>
>>> On 08/30/2014 03:37 AM, Jani Nikula wrote:
>>>> I'm inclined to think this is a bug in message-mode. 
>>>
>>> I agree it's a bug in message-mode, not in notmuch itself.
>>
>> I think it might be here:
>>
>> http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258
>>
>> (it takes time to load, please wait...)
>>
>> If cond does not match, then don't fail...
>
> This looks to have been fixed in emacs at the end of September 2014.

Right, this fix was released in emacs 24.4

I'm a little torn what to do here. On the one hand the upstream change
fixes the bug as reported. On the other hand, if something corrupts the
#secure tag (e.g., by deleting a letter), then the message is still sent
un-uncrypted.

d

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail
  2014-11-29 19:09         ` David Bremner
@ 2014-12-01  6:41           ` David Edmondson
  2014-12-01  6:45             ` David Bremner
  2016-02-08 17:52           ` David Edmondson
  1 sibling, 1 reply; 11+ messages in thread
From: David Edmondson @ 2014-12-01  6:41 UTC (permalink / raw)
  To: David Bremner, notmuch, 759646

On Sat, Nov 29 2014, David Bremner wrote:
> David Edmondson <dme@dme.org> writes:
>
>> On Tue, Sep 02 2014, Tomi Ollila wrote:
>>> On Tue, Sep 02 2014, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
>>>
>>>> On 08/30/2014 03:37 AM, Jani Nikula wrote:
>>>>> I'm inclined to think this is a bug in message-mode. 
>>>>
>>>> I agree it's a bug in message-mode, not in notmuch itself.
>>>
>>> I think it might be here:
>>>
>>> http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258
>>>
>>> (it takes time to load, please wait...)
>>>
>>> If cond does not match, then don't fail...
>>
>> This looks to have been fixed in emacs at the end of September 2014.
>
> Right, this fix was released in emacs 24.4
>
> I'm a little torn what to do here. On the one hand the upstream change
> fixes the bug as reported. On the other hand, if something corrupts the
> #secure tag (e.g., by deleting a letter), then the message is still sent
> un-uncrypted.

I'm unclear on what you mean. Is it that "upgrade to 24.4" is not a good
enough answer, because we are still leaving pre-24.4 people out in the
cold?

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail
  2014-12-01  6:41           ` David Edmondson
@ 2014-12-01  6:45             ` David Bremner
  2014-12-01  7:16               ` David Edmondson
  0 siblings, 1 reply; 11+ messages in thread
From: David Bremner @ 2014-12-01  6:45 UTC (permalink / raw)
  To: David Edmondson, notmuch, 759646

David Edmondson <dme@dme.org> writes:

>> I'm a little torn what to do here. On the one hand the upstream change
>> fixes the bug as reported. On the other hand, if something corrupts the
>> #secure tag (e.g., by deleting a letter), then the message is still sent
>> un-uncrypted.
>
> I'm unclear on what you mean. Is it that "upgrade to 24.4" is not a good
> enough answer, because we are still leaving pre-24.4 people out in the
> cold?

No, I mean the fix is rather narrow in that editing somewhere else on
the same line causes the same problem as before, even in 24.4

d

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail
  2014-12-01  6:45             ` David Bremner
@ 2014-12-01  7:16               ` David Edmondson
  0 siblings, 0 replies; 11+ messages in thread
From: David Edmondson @ 2014-12-01  7:16 UTC (permalink / raw)
  To: David Bremner, notmuch, 759646

On Mon, Dec 01 2014, David Bremner wrote:
> David Edmondson <dme@dme.org> writes:
>
>>> I'm a little torn what to do here. On the one hand the upstream change
>>> fixes the bug as reported. On the other hand, if something corrupts the
>>> #secure tag (e.g., by deleting a letter), then the message is still sent
>>> un-uncrypted.
>>
>> I'm unclear on what you mean. Is it that "upgrade to 24.4" is not a good
>> enough answer, because we are still leaving pre-24.4 people out in the
>> cold?
>
> No, I mean the fix is rather narrow in that editing somewhere else on
> the same line causes the same problem as before, even in 24.4

Ah, okay. Well, off to emacs-devel with you, then :-D

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail
  2014-11-29 19:09         ` David Bremner
  2014-12-01  6:41           ` David Edmondson
@ 2016-02-08 17:52           ` David Edmondson
  1 sibling, 0 replies; 11+ messages in thread
From: David Edmondson @ 2016-02-08 17:52 UTC (permalink / raw)
  To: David Bremner, notmuch, 759646

[Raking over history...]

On Sat, Nov 29 2014, David Bremner wrote:
> David Edmondson <dme@dme.org> writes:
>
>> On Tue, Sep 02 2014, Tomi Ollila wrote:
>>> On Tue, Sep 02 2014, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
>>>
>>>> On 08/30/2014 03:37 AM, Jani Nikula wrote:
>>>>> I'm inclined to think this is a bug in message-mode. 
>>>>
>>>> I agree it's a bug in message-mode, not in notmuch itself.
>>>
>>> I think it might be here:
>>>
>>> http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258
>>>
>>> (it takes time to load, please wait...)
>>>
>>> If cond does not match, then don't fail...
>>
>> This looks to have been fixed in emacs at the end of September 2014.
>
> Right, this fix was released in emacs 24.4
>
> I'm a little torn what to do here. On the one hand the upstream change
> fixes the bug as reported. On the other hand, if something corrupts the
> #secure tag (e.g., by deleting a letter), then the message is still sent
> un-uncrypted.

That's true, but it's undoubtedly an upstream bug rather than a
notmuch-emacs bug.

If we apply some heuristic workaround in notmuch, users of gnus (and
mu4e?) will still be vulnerable to the same problem. The right thing to
do is report (and fix) the bug upstream.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail
  2014-08-29 18:05 [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail David Bremner
  2014-08-30  7:37 ` Jani Nikula
@ 2021-12-26 11:28 ` David Bremner
  1 sibling, 0 replies; 11+ messages in thread
From: David Bremner @ 2021-12-26 11:28 UTC (permalink / raw)
  To: notmuch

David Bremner <david@tethera.net> writes:
>
> i.e. #secure method=pgpmime mode=signinvalidencrypt will end up
> sending an encrypted message (with the <>, of course).
>
> It seems like it should error out if the mode= is set to an invalid or
> unknown value, rather than sending mail in the clear.
>
> I've got this set up in ~/.emacs, not sure what all else might be coming
> into play:
>
>  '(message-setup-hook (quote (mml-secure-message-sign)))
>  '(notmuch-crypto-process-mime t)
>

This bug is marked fixed in emacs, so I guess we can mark it fixed in
nmbug as well. For a more detailed discussion see
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=18513

d

^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, other threads:[~2021-12-26 11:28 UTC | newest]

Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-08-29 18:05 [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail David Bremner
2014-08-30  7:37 ` Jani Nikula
2014-09-02  5:57   ` Daniel Kahn Gillmor
2014-09-02  8:02     ` Tomi Ollila
2014-11-12 20:17       ` David Edmondson
2014-11-29 19:09         ` David Bremner
2014-12-01  6:41           ` David Edmondson
2014-12-01  6:45             ` David Bremner
2014-12-01  7:16               ` David Edmondson
2016-02-08 17:52           ` David Edmondson
2021-12-26 11:28 ` David Bremner

Code repositories for project(s) associated with this inbox:

	notmuch.git.git (no URL configured)

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).