Subject: pidgin-otr: Sigkill during key generation nukes otr.private_key
Package: pidgin-otr
Version: 3.2.0-4
Severity: important

I log in. Immediately someone with OTR enabled IMs an old account with
no OTR. Pidgin's ENTIRE UI freezes for a long time while it
auto-generates an OTR key. As an aside, I'd suggest prompting before
generating a key with auto-encrypt as this makes the entire app unusable
for several minutes and is liable to confuse a user.

Anyway, being in a hurry I kill it with sigkill, log back on, and send
my important message after disabling the other account...and it freezes
again, regenerating the key for my account that already has one.

It had deleted my keys.

This has a happy ending because I keep backups, but I'd argue this is a
pretty serious issue. I know sigkill is hard to deal with, but perhaps
you could move the file to .otr_private_keys.bak or something, then do
the key generation/file writing business, then unlink the backup, just
to be safe? OTR is intended to be encryption for the masses and the
masses don't keep backups. And even if the masses don't kill -9 they do
power off and xkill when a program freezes for no apparent reason.

Bonus points if you can fix the underlying issue as well (note that this
occurred multiple times, so if it's a race condition it's a pretty long
one). That is, not open the key file for writing until you have all the
entropy you need to write it out all at once. Sure there's a tiny window
of vulnerability there but this is better than nothing.

Thanks for putting in the work for this plugin, it's very nice to have,
and thanks to the Adium implementation is quite widespread, even among the
not so techno-savvy. I'm just glad this happened to me and not someone
without backups.

Alex


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31.5leaves (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages pidgin-otr depends on:
ii  libc6                         2.9-23     GNU C Library: Shared libraries
ii  libgcrypt11                   1.4.4-4    LGPL Crypto library - runtime libr
ii  libotr2                       3.2.0-1    Off-the-Record Messaging library
ii  pidgin                        2.5.6-1    graphical multi-protocol instant m

pidgin-otr recommends no packages.

pidgin-otr suggests no packages.

-- no debconf information
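
Added example, not part of the original report and not pidgin-otr or libotr code: one way to get the behaviour the report asks for is to generate the key fully in memory, write it to a temporary file in the same directory, and rename it over the key file. The function names, the /tmp path and the "OLD"/"NEW" key data are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not a libotr or pidgin-otr function: replace `path`
 * with `len` bytes of already-generated key data so that SIGKILL or power
 * loss leaves either the complete old file or the complete new one. */
int write_keyfile_atomic(const char *path, const char *buf, size_t len)
{
    char tmp[4096];
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp)
        return -1;
    int fd = mkstemp(tmp);   /* same directory, created O_EXCL, mode 0600 */
    if (fd < 0)
        return -1;
    for (size_t off = 0; off < len; ) {      /* cope with short writes */
        ssize_t n = write(fd, buf + off, len - off);
        if (n < 0) goto fail;
        off += (size_t)n;
    }
    if (fsync(fd) != 0) goto fail;   /* data durable before it becomes visible */
    if (close(fd) != 0) { fd = -1; goto fail; }
    fd = -1;
    if (rename(tmp, path) != 0) goto fail;   /* atomic replacement (POSIX) */
    return 0;
fail:
    if (fd >= 0) close(fd);
    unlink(tmp);
    return -1;
}

/* Returns 1 if the file at `path` holds exactly `expect`, else 0. */
int keyfile_equals(const char *path, const char *expect)
{
    char got[256] = {0};
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    size_t n = fread(got, 1, sizeof got - 1, f);
    fclose(f);
    return n == strlen(expect) && memcmp(got, expect, n) == 0;
}

int main(void)
{
    const char *p = "/tmp/example.private_key";   /* constructed path and data */
    if (write_keyfile_atomic(p, "OLD", 3) || write_keyfile_atomic(p, "NEW", 3)) return 1;
    return !keyfile_equals(p, "NEW");
}
```

A kill before the rename leaves only a stray temporary file next to the untouched key file; for durability across power loss the containing directory should also be fsync'd after the rename.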


