danger of decrypted files without integrity protection
steffen at sdaoden.eu
Thu May 17 20:51:52 CEST 2018
Greg Troxel <gdt at lexort.com> wrote:
|Bernhard Reiter <bernhard at intevation.de> writes:
|> Am Donnerstag 17 Mai 2018 15:05:35 schrieb Greg Troxel:
|>> In your example, you asked a browser to render html, which has different
|>> norms than rendering incoming (and hence not requested by the user)
|>> email. Even a relatively paranoid browser with uMatrix will render
|>> images from different origins.
|> It is a detail to the questions:
|> * is decrypting an email manually outside of a mailer safe?
|> -> no - for files that potentially will call home on opening
|Decrypting is not the problem. The problem is evaluating the file
|either with a program that interprets it and does unsafe things, or that
|is exploitable (e.g. because it is buggy, perhaps because the format is
|too complicated). All of these issues are also present with handling
|files that were not recently decrypted.
Not being able to detect that injections happened because
decrypting silently succeeds because of missing i.-p. is the
problem on the S/MIME side (isn't it).
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
More information about the Gnupg-devel