danger of decrypted files without integrity protection
gdt at lexort.com
Thu May 17 15:05:35 CEST 2018
Bernhard Reiter <bernhard at intevation.de> writes:
> Pondering how dangerous manipulated decrypted files are
> I've done the following experiment on a GNU system:
> echo "File loading external references? Yes, if you can see the following image: <img src=https://gnupg.org/share/logo-gnupg-light-purple-bg.png />" >test.html
> firefox test.html
> chromium test.html
> both times the image was shown.
In your example, you asked a browser to render html, which has different
norms than rendering incoming (and hence not requested by the user)
email. Even a relatively paranoid browser with uMatrix will render
images from different origins.
If you are calling decrypted content without integrity protection (and
probably, without Data Origin Authentication) protection dangerous, why
are you not also calling unencrypted unauthenticated content dangerous?
The larger real issue here is treating incoming bits as a program and
interpreting it (to include fetching remote content), rather than simply
Mail use of html should not fetch images (which are also likely to
(This is all separate from the discussion about combining multiple
arriving html documents into one document for rendering.)
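
The following is an added example, not part of the original message or of GnuPG: one way a mail client could list the references in a decrypted HTML body that would be fetched automatically on render, so they can be blocked before display. The attribute list, the function names and the `example.invalid` sample values are assumptions of this sketch; only the first image URL comes from the quoted experiment.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that can hold a URL a renderer may load (illustrative, not
# exhaustive; CSS url() in style attributes or <style> is not covered).
URL_ATTRS = {"src", "srcset", "href", "background", "poster", "data"}
CLICK_ONLY_TAGS = {"a", "area"}   # href is followed only on a user click
REMOTE_SCHEMES = {"http", "https", "ftp"}

def is_remote(url):
    """True if loading this URL would contact another host."""
    try:
        return url.startswith("//") or urlsplit(url).scheme in REMOTE_SCHEMES
    except ValueError:            # malformed URL: fail closed, treat as remote
        return True

class RemoteRefFinder(HTMLParser):
    """Collects (tag, attribute, url) for each reference fetched on render."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value or name not in URL_ATTRS:
                continue
            if name == "href" and tag in CLICK_ONLY_TAGS:
                continue
            # srcset is a comma-separated list of "url descriptor" entries
            entries = value.split(",") if name == "srcset" else [value]
            for entry in entries:
                url = entry.strip().split(" ")[0]
                if url and is_remote(url):
                    self.refs.append((tag, name, url))

def find_remote_refs(html_body):
    finder = RemoteRefFinder()
    finder.feed(html_body)
    finder.close()
    return finder.refs

# Constructed sample; the first image URL is the one from the quoted experiment.
SAMPLE = (
    '<img src=https://gnupg.org/share/logo-gnupg-light-purple-bg.png />'
    '<img src="cid:part1@example.invalid"><a href="https://example.invalid/p">x</a>'
    '<link rel="stylesheet" href="HTTP://example.invalid/s.css">'
)
```

A `cid:` reference resolves inside the message itself and a plain link is only followed on a click, so neither is reported.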