#3831: Crash Bug due to unchecked SSL_CTX_new
-----------------------+----------------------
Reporter: yujokang | Owner: mutt-dev
Type: defect | Status: reopened
Priority: major | Milestone:
Component: crypto | Version: 1.6.0
Resolution: | Keywords:
-----------------------+----------------------
Changes (by code@…):
* status: closed => reopened
* resolution: fixed =>
Comment:
{{{
If TLS is required for the application to continue in a meaningful
way (i.e. because the user has requested it), what's the practical
difference between a crash and exiting cleanly?
Arguments could be made that a crash produces a core file that could
be read to possibly glean sensitive information. But core files are
often turned off by default on modern systems. And even if one is
produced it will, on any sane platform, be readable only for the user,
requiring that an attacker already have access to read the user's
files, meaning that for such an attack to succeed, the account in
question is already compromised. At that point the core file is
uninteresting; the attacker may as well just read the user's process's
memory directly.
It's very unlikely that obtaining the SSL context will fail unless the
system is already out of resources, as evidenced by the fact that no
one has reported such a crash in the history of Mutt. So while this
is arguably a bug, the consequences seem to be nil--meanwhile the
potential to create a core file does actually have some benefits for
debugging. Fixing the "bug" makes it that much harder to determine
what set of unexpected circumstances led to the crash.
Is there any genuine value in fixing this type of bug?
}}}
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3831#comment:2>
Mutt <http://www.mutt.org/>
The Mutt mail user agent