
Bug#898634: kmail: efail attack against S/MIME

On Wed, 2018-05-16 at 11:44 +0200, Sandro Knauß wrote:
> Hey,

Hi Sandro, thanks for the update on this.
> 
> For S/MIME the situation is that it is a conceptual weakness in the standard
> to remove the target vector completely.

Agreed, and I'm unsure what we can do about it in Debian right now, besides
mitigation for backchannels.
> 
> In KMail we have the best handling that we can get at the moment (with default
> settings). KMail never accesses resources from the internet without asking the
> user or an explicit change of the default setting:
> Settings > Configure KMail > Security > Reading > Allow messages to load 
> external references from the Internet

Ok. Other clients like Evolution and Trojita also had an issue with DNS
prefetching which could be re-enabled in Webkit. Not sure on what library
KMail relies for HTML rendering but it might be worth checking that too?

See https://bugs.webkit.org/show_bug.cgi?id=182924 for the webkit bug (with
links to the Evolution and Trojita ones).
> 
> There are some small patches, that disable this setting for encrypted 
> messages, to enforce a user interaction:
> 
> https://phabricator.kde.org/D12391
> https://phabricator.kde.org/D12393
> https://phabricator.kde.org/D12394
> 
> For me applying the patches makes sense to improve security for users, but 
> disabling the external resource loading completely would break workflows. 
> Those patches are applied for the following Debian packages, where the
> setting is used for everything:
> libmessageviewer5  << 4:18.04.1
> kmail < 4:18.04.1

Thanks, that's good to know.
> 
> As already mentioned, the underlying problem is the S/MIME conceptual
> weakness, that can't be fixed by those patches.
> 
> The stack KMail is using for decryption is GPGME Qt backend that is
> packaged in gpgme1.0 for testing/sid and gpgmepp for stable and older.
> 
> I'm not sure, how this should be handled in Debian correctly.

I'm not sure either, to be honest.
> 
> For a more detailed look for KMail and EFail see the dot.kde article:
> 
> https://dot.kde.org/2018/05/15/efail-and-kmail

That article indicates KMail uses GnuPG for S/MIME, which I find a bit weird.
-- 
Yves-Alexis
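The thread above turns on one defensive control: a client that decrypts a message must not fetch anything referenced from the resulting HTML, because each fetch is a backchannel that can carry plaintext out. The following added example (not code from KMail, Debian or anyone in this thread) shows the check such a "load external references" setting gates: it parses a constructed message with Python's standard library, collects every URL that rendering the HTML parts would request, and reports the remote ones while leaving cid:/data: references alone. The message, host names and URLs are invented for the example.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

_CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.IGNORECASE)

class _RefCollector(HTMLParser):
    """Collects every URL that rendering the HTML would make a client request."""
    def __init__(self):
        super().__init__()
        self.refs, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        for name, value in attrs:
            if value and (name == "src" or (name == "href" and tag == "link")):
                self.refs.append(value.strip())  # img, script, iframe, link
            elif value and name == "style":
                self.refs.extend(_CSS_URL.findall(value))  # inline CSS url()

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # url() inside a <style> block
            self.refs.extend(_CSS_URL.findall(data))

def external_references(raw_message: bytes) -> list[str]:
    """Remote http(s) URLs the HTML parts would fetch; cid:/data: stay local."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = _RefCollector()
            collector.feed(part.get_content())
            found += [r for r in collector.refs
                      if urlsplit(r).scheme.lower() in ("http", "https")]
    return found

# Constructed sample (not a real message): the HTML would request three remote
# resources if the client were allowed to load external references.
SAMPLE_MESSAGE = b"""\
Content-Type: text/html; charset=utf-8

<html><body><p>Hello</p><img src="https://attacker.example.invalid/t.gif">
<img src="cid:logo"><link rel="stylesheet" href="http://cdn.example.invalid/s.css">
<div style="background:url('https://attacker.example.invalid/bg.png')"></div>
</body></html>
"""
```

A non-empty result on a decrypted message is exactly the case where a client should refuse to render remote content without an explicit user decision, which is what the KMail patches discussed above enforce.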