Package: balsa
Version: 2.3.0-2sarge1
Severity: normal

When viewing a message in balsa which was signed using gpg, balsa will print the verified message to stdout. That is bad if the message was also encrypted, because it will expose the decrypted plaintext on stdout. This is a security issue because when you start balsa from the gnome menu, the plaintext of the message can be found verbatim in ~/.xsession-errors (!).

The problem any security conscious person should have with this behaviour is that the message plaintext is written to disk, where it may be recovered easily days or even weeks after the decrypted message has been wiped from memory. The message's plaintext should ideally only be located in system memory. It's bad enough that it might end up in the swap partition on some systems, but finding it on the file system is only inviting people to try to steal it...

Below, I have included a log of the messages printed by balsa to the console (balsa was started from a terminal window in that case) to demonstrate the problem (names and e-mail addresses have been crossed out for privacy reasons):

--- begin of log ---
[EMAIL PROTECTED]:~ > balsa
** Message: init gpgme version 1.0.2
** Message: loading icon balsa_compose (stock id stock_mail-compose)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_reply (stock id stock_mail-reply)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_reply_group (stock id stock_mail-reply-to-all)
art_render_invoke: no image source given
** Message: loaded with size 24
art_render_invoke: no image source given
** Message: loaded with size 16
** Message: loading icon balsa_send (stock id stock_mail-send)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_receive (stock id stock_mail-receive)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_send_receive (stock id stock_mail-send-receive)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_forward (stock id stock_mail-forward)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_identity (stock id stock_contact)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_continue (stock id stock_mail)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_postpone (stock id balsa-postpone)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_reply_all (stock id balsa-reply-all)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_next_part (stock id balsa-next-part)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_previous_part (stock id balsa-previous-part)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_marked_all (stock id balsa-mark-all)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_attachment (stock id stock_attach)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_next (stock id balsa-next)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_previous (stock id balsa-previous)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_next_unread (stock id balsa-next-unread)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_next_flagged (stock id balsa-next-flagged)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_sign (stock id balsa-signature-unknown)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_sign_good (stock id balsa-signature-good)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_sign_trust (stock id balsa-signature-notrust)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_sign_bad (stock id balsa-signature-bad)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_encr (stock id balsa-encrypted)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_book_red (stock id stock_book_red)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_book_yellow (stock id stock_book_yellow)
** Message: loaded with size 24
** Message: loading icon balsa_book_green (stock id stock_book_green)
** Message: loaded with size 24
** Message: loading icon balsa_book_blue (stock id stock_book_blue)
** Message: loaded with size 24
** Message: loading icon balsa_book_open (stock id stock_book_open)
** Message: loaded with size 24
** Message: loaded with size 16
** Message: loading icon balsa_show_headers (stock id stock_view-fields)
** Message: loaded with size 24
** Message: loading icon balsa_show_preview (stock id balsa-preview)
** Message: loaded with size 24
** Message: loading icon balsa_marked_new (stock id balsa-marked-new)
** Message: loaded with size 24
** Message: loading icon balsa_trash_empty (stock id balsa-trash-empty)
** Message: loaded with size 24
** Message: loading icon balsa_gpg_sign (stock id balsa-sign)
** Message: loaded with size 24
** Message: loading icon balsa_gpg_encrypt (stock id balsa-encrypt)
** Message: loaded with size 24
** Message: loading icon balsa_gpg_recheck (stock id balsa-crypt-check)
** Message: loaded with size 24
** Message: loading icon balsa_mbox_in (stock id stock_inbox)
** Message: loaded with size 16
** Message: loading icon balsa_mbox_out (stock id stock_outbox)
** Message: loaded with size 16
** Message: loading icon balsa_mbox_draft (stock id balsa-mbox-draft)
** Message: loaded with size 16
** Message: loading icon balsa_mbox_sent (stock id balsa-mbox-sent)
** Message: loaded with size 16
** Message: loading icon balsa_mbox_tray_full (stock id balsa-mbox-tray-full)
** Message: loaded with size 16
** Message: loading icon balsa_mbox_tray_empty (stock id balsa-mbox-tray-empty)
** Message: loaded with size 16
** Message: loading icon balsa_mbox_dir_open (stock id gnome-fs-directory-accept)
** Message: loaded with size 16
** Message: loading icon balsa_mbox_dir_closed (stock id gnome-fs-directory)
** Message: loaded with size 16
** Message: loading icon balsa_info_replied (stock id stock_mail-replied)
** Message: loaded with size 16
** Message: loading icon balsa_info_new (stock id stock_mail-unread)
** Message: loaded with size 16
** Message: loading icon balsa_info_flagged (stock id stock_mail-flag-for-followup)
** Message: loaded with size 16
opening Inbox.. done, msgcnt=0
(balsa:6010): gmime-WARNING **: Invalid or incomplete type: text: defaulting to text/plain
(balsa:6010): gmime-WARNING **: Invalid or incomplete type: text: defaulting to text/plain
(balsa:6010): gmime-WARNING **: Invalid or incomplete type: text: defaulting to text/plain
(balsa:6010): gmime-WARNING **: Invalid or incomplete type: text: defaulting to text/plain
attempted to verify:
----- BEGIN SIGNED PART -----
Content-Type: text/plain; charset=UTF-8; DelSp=Yes; Format=Flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hallo XXXXXXXXXXXXXXX,

ein Buch gibt es noch, das mu=C3=9F ich aber aufteilen, das kommt gegen =20
Abend.

=C3=9Cbrigens, wo bekommt man eigentlich Deinen PGP-Schl=C3=BCssel s=
elbst =20
her? Auf den mir bekannten Keyservern ist er nicht zu finden.

Gru=C3=9F
XXXXXXXXXXX

P.S. Meine Schl=C3=BCssel kann man sich von einem PGP-Keyserver runterladen=
; =20
viele e-mail Clients bieten das sogar automatisch an. Fingerabdr=C3=BCcke =20
k=C3=B6nnen wir ja dann morgen vergleichen.
(Key-IDs sind XXXXXXXXXX und =20
XXXXXXXXXXXX)

On 29/03/06 13:27:55, XXXXXXXXXXXXX wrote:
> Hallo XXXXXXXXXXXXXXXXXX!
>=20
> Danke f=C3=BCr die B=C3=BCcher! War aber knapp, mit der
> Mailgr=C3=B6=C3=
=9Fe bei Deinem
> Router ;-).
>=20
> Gr=C3=BCtze gab's schon zu Mittag, daher viele Gr=C3=BC=C3=9Fe
> Martin
>=20
>=20
> --
> OpenPGP XXXXXXXXXXXXXXXXXXXXX
----- END SIGNED PART -----
[EMAIL PROTECTED]:~ >
--- end of log ---

Please write if you need further information. I'd be happy to help.

Manuel

-- System Information:
Debian Release: 3.1
Architecture: powerpc (ppc)
Kernel: Linux 2.4.32
Locale: LANG=en_GB.ISO-8859-1, LC_CTYPE=en_GB.ISO-8859-1 (charmap=ISO-8859-1)

Versions of packages balsa depends on:
ii  libaspell15           0.60.2+20050121-2  The GNU Aspell spell-checker runti
ii  libbonobo2-0          2.8.1-2            Bonobo CORBA interfaces library
ii  libbonoboui2-0        2.8.1-2            The Bonobo UI library
ii  libc6                 2.3.2.ds1-22       GNU C Library: Shared libraries an
ii  libesmtp5             1.0.3-1            LibESMTP SMTP client library
ii  libgconf2-4           2.8.1-6            GNOME configuration database syste
ii  libglib2.0-0          2.6.4-1            The GLib library of C routines
ii  libgmime2.1           2.1.14-1           MIME library, unstable version
ii  libgnome2-0           2.8.1-2            The GNOME 2 library - runtime file
ii  libgnomeprint2.2-0    2.8.2-1.2          The GNOME 2.2 print architecture -
ii  libgnomeprintui2.2-0  2.8.2-2            GNOME 2.2 print architecture User
ii  libgnomeui-0          2.8.1-3            The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0        2.8.4-4            The GNOME virtual file-system libr
ii  libgpgme11            1.0.2-1            GPGME - GnuPG Made Easy
ii  libgtk2.0-0           2.6.4-3.1          The GTK+ graphical user interface
ii  libgtkhtml3.2-11      3.2.5-1            HTML rendering/editing library - r
ii  libkrb53              1.3.6-2sarge2      MIT Kerberos runtime libraries
ii  libldap2              2.1.30-8           OpenLDAP libraries
ii  liborbit2             1:2.12.2-1         libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0         1.8.1-1            Layout and rendering of internatio
ii  libpcre3              4.5-1.2sarge1      Perl 5 Compatible Regular Expressi
ii  libpopt0              1.7-5              lib for parsing cmdline parameters
ii  libsqlite0            2.8.16-1           SQLite shared library
ii  libssl0.9.7           0.9.7e-3sarge1     SSL shared libraries

-- no debconf information
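The defect the report describes is a debugging message that formats the whole verified (and, for an encrypted message, decrypted) part into the process's stderr, which the GNOME session then captures into ~/.xsession-errors. The following is an added example, not balsa's code, showing that leaky pattern next to a hardened form that logs only metadata (signature status, size, declared content type) and wipes the plaintext buffer once it is no longer needed. The sample MIME part is constructed; balsa's real "** Message:" lines come from glib's g_message(), for which plain snprintf()/stderr stand in here.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added example (not balsa's code): the debug-logging pattern from the bug
 * report beside a hardened form that never writes the part body to the log. */

typedef enum { SIG_UNKNOWN = 0, SIG_GOOD, SIG_BAD } sig_status_t;

/* Constructed sample: a decrypted, signed text part like the one in the log. */
static char sample_part[] =
    "Content-Type: text/plain; charset=UTF-8\r\n"
    "Content-Disposition: inline\r\n"
    "\r\n"
    "Hallo, das ist geheim.\r\n";

/* Shared buffer for the formatted log line. */
static char log_line[512];

static const char *sig_status_name(sig_status_t st)
{
    switch (st) {
    case SIG_GOOD: return "good";
    case SIG_BAD:  return "bad";
    default:       return "unknown";
    }
}

/* Leaky form: the whole verified part is formatted into the log line, so
 * whatever captures stderr (a terminal, ~/.xsession-errors) keeps a copy of
 * the plaintext, possibly on disk. */
static int format_verify_log_leaky(char *out, size_t outsz,
                                   const char *part, sig_status_t st)
{
    return snprintf(out, outsz, "attempted to verify (sig=%s):\n%s",
                    sig_status_name(st), part);
}

/* Copy the value of the first MIME header called `name` into dst (empty
 * string if absent). Stops at the blank line that precedes the body. */
static void header_value(const char *part, const char *name,
                         char *dst, size_t dstsz)
{
    size_t nlen = strlen(name);
    const char *p = part;

    dst[0] = '\0';
    while (p != NULL && *p != '\0') {
        if (*p == '\r' || *p == '\n')      /* blank line: headers are over */
            break;
        if (strncmp(p, name, nlen) == 0 && p[nlen] == ':') {
            const char *v = p + nlen + 1;
            size_t i = 0;
            while (*v == ' ')
                v++;
            while (*v != '\0' && *v != '\r' && *v != '\n' && i + 1 < dstsz)
                dst[i++] = *v++;
            dst[i] = '\0';
            return;
        }
        p = strchr(p, '\n');               /* advance to the next header line */
        if (p != NULL)
            p++;
    }
}

/* Hardened form: log what a developer needs for debugging (signature status,
 * size, declared content type) and never the body itself. */
static int format_verify_log_safe(char *out, size_t outsz,
                                  const char *part, sig_status_t st)
{
    char ctype[80];

    header_value(part, "Content-Type", ctype, sizeof ctype);
    return snprintf(out, outsz,
                    "verified part: sig=%s bytes=%zu content-type=\"%s\"",
                    sig_status_name(st), strlen(part),
                    ctype[0] != '\0' ? ctype : "-");
}

/* Zero the plaintext once the part has been rendered; the volatile pointer
 * keeps the compiler from dropping the stores as dead code, so the
 * plaintext's lifetime in memory stays short. */
static void wipe(char *buf, size_t len)
{
    volatile char *v = (volatile char *)buf;
    while (len-- > 0)
        *v++ = 0;
}

int main(void)
{
    format_verify_log_leaky(log_line, sizeof log_line, sample_part, SIG_GOOD);
    fprintf(stderr, "leaky: %s\n", log_line);
    format_verify_log_safe(log_line, sizeof log_line, sample_part, SIG_GOOD);
    fprintf(stderr, "safe : %s\n", log_line);
    wipe(sample_part, sizeof sample_part);
    return 0;
}
```

The safe line still identifies which part was checked and whether the signature verified, which is all a debug trace needs; the body is the one thing that must not reach a stream the program does not control. Redirecting stderr to a file (for example the way a session manager does for ~/.xsession-errors) and grepping it for a known phrase from the test message is a quick check for whether a mail client has this defect.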