Re: a DoS vulnerability associated with conflated Message-IDs?
On Fri 2017-08-04 16:42:54 -0400, David Bremner wrote:
> Peter Wang writes:
>
>> On Thu, 08 Mar 2012 11:37:09 -0500, Daniel Kahn Gillmor
>> wrote:
>>> notmuch currently treats all messages with the same Message-ID as
>>> the same message. I think this could be a vulnerability :(
>>>
>>> If two messages have the same Message-ID, is there a guarantee of which
>>> of these messages will be produced during a notmuch show?
>>>
>>> Either way, it seems to create a potential DoS attack on notmuch users.
>>
>> Yesterday I was expecting a confirmation message which, seemingly, never
>> came. It turns out my maildir already contained a message from the
>> same system. From three years ago. With the same Message-ID.
>>
>> Malice has nothing on incompetence.
>>
>> Could we distinguish messages with identical Message-IDs based on
>> some header fields, e.g. Date, From?
>
> I wouldn't say this problem is fixed, but we are making some
> progress. In master all copies of the file are now indexed. It still
> needs various UI work before we can consider the problem really fixed,
> but it is now technically possible to detect such an attack (since the
> "good terms" are also indexed).

otoh, we now enable some additional (perhaps weirder) attacks, like:

 * i can make someone else's mail show up in your mailbox with a search
   term of my choosing by sending you a new mail co-opting their
   message-id.

we definitely need some UI for dealing with this, and perhaps some
explicit de-duping logic or maintenance scripts would be useful too.

--dkg
___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch
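Added example, not part of the thread and not notmuch code: a maintenance check along the lines discussed above, grouping mail files by Message-ID and reporting IDs whose copies disagree on From, Date or Subject (the headers suggested in the quoted message). It does not use the notmuch API; the function names and the sample paths, addresses and Message-IDs are constructed for illustration.

```python
import email
from collections import defaultdict

# Headers that a benign second copy (list copy plus direct Cc) normally shares.
IDENTITY_HEADERS = ("From", "Date", "Subject")

def fingerprint(raw):
    """Return (message_id, identity_tuple) for one raw message."""
    msg = email.message_from_string(raw)
    mid = (msg["Message-ID"] or "").strip().strip("<>")
    # Collapse whitespace so header folding does not look like a difference.
    ident = tuple(" ".join((msg[h] or "").split()) for h in IDENTITY_HEADERS)
    return mid, ident

def find_conflated(files):
    """files: iterable of (path, raw_text).
    Returns {message_id: {identity_tuple: [paths]}} for every Message-ID
    whose copies disagree on the identity headers."""
    by_id = defaultdict(lambda: defaultdict(list))
    for path, raw in files:
        mid, ident = fingerprint(raw)
        if mid:  # files without a Message-ID are not covered by this check
            by_id[mid][ident].append(path)
    return {m: dict(v) for m, v in by_id.items() if len(v) > 1}

def _mail(sender, date, subject, mid, extra=""):
    return (f"From: {sender}\nDate: {date}\nSubject: {subject}\n"
            f"Message-ID: <{mid}>\n{extra}\nbody\n")

# Constructed sample input: paths, addresses and Message-IDs are made up.
SAMPLE = [
    ("cur/a:2,S", _mail("alice@example.org", "Thu, 08 Mar 2012 11:37:09 -0500",
                        "quarterly report", "report-1@example.org")),
    # Same mail again via a mailing list: same identity, so not flagged alone.
    ("cur/b:2,S", _mail("alice@example.org", "Thu, 08 Mar 2012 11:37:09 -0500",
                        "quarterly report", "report-1@example.org",
                        "List-Id: <list.example.org>\n")),
    # Different sender and subject reusing the same Message-ID.
    ("new/c", _mail("mallory@example.net", "Fri, 04 Aug 2017 16:42:54 -0400",
                    "unrelated text", "report-1@example.org")),
    ("cur/d:2,S", _mail("bob@example.org", "Sat, 05 Aug 2017 09:00:00 -0400",
                        "lunch", "lunch-7@example.org")),
]

if __name__ == "__main__":
    for mid, variants in find_conflated(SAMPLE).items():
        print(f"Message-ID <{mid}> has {len(variants)} differing copies:")
        for ident, paths in variants.items():
            print("  ", dict(zip(IDENTITY_HEADERS, ident)), paths)
```

Copies that share all three headers are grouped together, so an ordinary list-plus-direct duplicate is reported only when a differing copy with the same Message-ID also exists.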
[PATCH] test: add broken tests for maildir syncing
Users should be able to specify synced tags in new.tags --- Anarcat had an interesting idea about using "flagged" in new.tags, but it doesn't work, because of (I think) the following code: for (tag = state->new_tags; *tag != NULL; tag++) notmuch_message_add_tag (message, *tag); if (state->synchronize_flags) notmuch_message_maildir_flags_to_tags (message); i.e. the tags are removed because the newly delivered message doesn't have them. FWIW, notmuch-insert does the right thing, I think test/T340-maildir-sync.sh | 24 +++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/test/T340-maildir-sync.sh b/test/T340-maildir-sync.sh index 959bf8d8..172c22eb 100755 --- a/test/T340-maildir-sync.sh +++ b/test/T340-maildir-sync.sh 
@@ -181,11 +181,33 @@ test_expect_equal "$(cd $MAIL_DIR/cur/; ls non-compliant*)" "non-compliant-maild test_begin_subtest "Files in new/ get default synchronized tags" OLDCONFIG=$(notmuch config get new.tags) -notmuch config set new.tags test +notmuch config set new.tags test;unread add_message [subject]='"File in new/"' [dir]=new [filename]='file-in-new' notmuch config set new.tags $OLDCONFIG notmuch search 'subject:"File in new"' | notmuch_search_sanitize > output test_expect_equal "$(< output)" \ "thread:XXX 2001-01-05 [1/1] Notmuch Test Suite; File in new/ (test unread)" +test_begin_subtest "unread is not mandatory in new/" +test_subtest_known_broken +OLDCONFIG=$(notmuch config get new.tags) +notmuch config set new.tags test +add_message [subject]='"File in new/"' [dir]=new [filename]='file-in-new' +notmuch config set new.tags $OLDCONFIG +notmuch search 'subject:"File in new"' | notmuch_search_sanitize > output +test_expect_equal "$(< output)" \ +"thread:XXX 2001-01-05 [1/1] Notmuch Test Suite; File in new/ (test)" + +for tag in draft flagged passed replied; do + +test_begin_subtest "$tag is valid in new.tags" +test_subtest_known_broken +OLDCONFIG=$(notmuch config get new.tags) +notmuch config set new.tags "$tag" +add_message [subject]="\"$tag sync in new\"" [dir]=new +notmuch config set new.tags $OLDCONFIG +notmuch search subject:"$tag in new" | notmuch_search_sanitize > output +test_expect_equal "$(< output)" \ + "thread:XXX 2001-01-05 [1/1] Notmuch Test Suite; $tag sync in new ($tag)" +done test_done -- 2.13.2 ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
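Review bot: The `;` in the changed line `notmuch config set new.tags test;unread` is unquoted, so the shell ends the notmuch command at `test` and then tries to run `unread` as a separate command; new.tags is set to `test` only. Pass the values as separate arguments (`notmuch config set new.tags test unread`) or quote the value. Separately, the new "unread is not mandatory in new/" subtest reuses the subject `File in new/` and the filename `file-in-new` from the preceding subtest and searches on the same `subject:"File in new"`, so its result can include the earlier message; a distinct subject and filename would tie the known-broken status to the behaviour under test. In the loop, the subject is `$tag sync in new` while the search is `subject:"$tag in new"`, and the shell strips those double quotes before notmuch sees them, so the query is not the phrase search the other subtests use.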
Re: a DoS vulnerability associated with conflated Message-IDs?
Peter Wang writes:

> On Thu, 08 Mar 2012 11:37:09 -0500, Daniel Kahn Gillmor
> wrote:
>> notmuch currently treats all messages with the same Message-ID as
>> the same message. I think this could be a vulnerability :(
>>
>> If two messages have the same Message-ID, is there a guarantee of which
>> of these messages will be produced during a notmuch show?
>>
>> Either way, it seems to create a potential DoS attack on notmuch users.
>
> Yesterday I was expecting a confirmation message which, seemingly, never
> came. It turns out my maildir already contained a message from the
> same system. From three years ago. With the same Message-ID.
>
> Malice has nothing on incompetence.
>
> Could we distinguish messages with identical Message-IDs based on
> some header fields, e.g. Date, From?

I wouldn't say this problem is fixed, but we are making some
progress. In master all copies of the file are now indexed. It still
needs various UI work before we can consider the problem really fixed,
but it is now technically possible to detect such an attack (since the
"good terms" are also indexed).

d