Re: [Evolution] PGP -> execvp() : Security problems?



On Tue, 2002-11-12 at 19:08, Anton Aylward wrote:
> On Tue, 2002-11-12 at 17:40, Jeffrey Stedfast <fejj ximian com> wrote:
>
> > Subject: Re: [Evolution] Evolution-1.2 vs pgp encryption
> > To: Stacey Roberts <stacey Demon vickiandstacey com>
> > Cc: evolution ximian com
> >
> > Evolution no longer supports anything other than gnupg.
> >
> > Why not? because I rewrote the pgp backend code to be much more robust
>
> [snip]
>
> > We now just use execvp() and let
> > the shell find the pgp binary for us. It makes the UI oh so much simpler
> > for the average user.
>
> Indeed it does for the class of users who don't know about PGP.  I would
> think that anyone who is smart enough to handle gnupg - set it up,
> handle keyrings and so forth - can use "which".  But that's not my
> point.

you would *think*, but be proved wrong... unfortunately.

> My point is the use of execvp().

this is the same as issuing "gpg" in your shell.

> Take a look in the Vuln-dev or other archives and see how many
> vulnerabilities revolve around using execvp() instead of the short-forms
> of the exec() system call.

Yes, because we all know everyone invokes an application by providing
the full path to the binary.

I type /usr/bin/gpg *all* the time

</sarcasm>

sure, maybe it's a risk if you blindly trust your shell environment, but
guess what? you can set up your PATH environment to not include
directories that you feel are risky (ie, don't include ".").

> The user of Evo may not be the owner or administrator of the machine.

this is not assumed.

> has anyone run one of the basic tools for checking the source of Evo for
> the plethora of classical security coding risks?

no.

Jeff

-- 
Jeffrey Stedfast
Evolution Hacker - Ximian, Inc.
fejj ximian com  - www.ximian.com
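
The two positions in this exchange, as an added example that is not part of the original message and not Evolution's code: it audits PATH for the entries execvp() would resolve against the current directory (the "." case mentioned above, plus empty entries), then resolves `gpg` against a fixed directory list and calls execv() with the absolute path. The directory list and the function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed trusted directories (not from the thread); adjust per system. */
static const char *const TRUSTED_DIRS[] = { "/usr/bin", "/bin", "/usr/local/bin", NULL };

/* Count PATH entries execvp() would resolve against the current directory:
 * empty entries and anything not starting with '/', such as ".". */
int count_risky_path_entries(const char *path)
{
    int risky = 0;
    for (const char *p = path;;) {
        size_t len = strcspn(p, ":");
        if (len == 0 || p[0] != '/')
            risky++;
        if (p[len] == '\0')
            return risky;
        p += len + 1;
    }
}

/* Resolve a bare program name against TRUSTED_DIRS only, ignoring PATH.
 * Returns 0 and fills out with an absolute path, or -1 if not found. */
int resolve_trusted(const char *name, char *out, size_t outlen)
{
    if (name[0] == '\0' || strchr(name, '/') != NULL)
        return -1;                      /* bare names only */
    for (size_t i = 0; TRUSTED_DIRS[i] != NULL; i++) {
        int n = snprintf(out, outlen, "%s/%s", TRUSTED_DIRS[i], name);
        if (n > 0 && (size_t)n < outlen && access(out, X_OK) == 0)
            return 0;
    }
    return -1;
}

int main(void)
{
    char exe[4096];
    char *const args[] = { "gpg", "--version", NULL };
    const char *path = getenv("PATH");
    if (path != NULL)
        fprintf(stderr, "risky PATH entries: %d\n", count_risky_path_entries(path));
    if (resolve_trusted("gpg", exe, sizeof exe) != 0)
        return 1;                       /* gpg not in a trusted directory */
    execv(exe, args);                   /* absolute path: no PATH search */
    perror("execv");
    return 1;
}
```

The access() check only confirms that the file was executable at lookup time; the permissions on the trusted directories themselves are what keep the resolved path meaningful.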




