On Tue, Apr 23, 2013 at 11:58:05PM +0200, Vincent Lefevre wrote:
> If the goal is to create a temporary file to view an attachment, the
> contents of the attachment (and/or the mail itself) can be used as a
> source of random data. I suppose that the attacker isn't the one who
> sent the mail in question and the mailbox isn't public.
You can't suppose that. :) The message may very well be one that was sent
by the attacker, specifically to get the user to fall into his trap.

> More generally, if a mailbox is open and non-empty, this is a source
> of random data too...

If the user is not careful to protect the mail store with restrictive
permissions, an attacker may very well already have the contents of the
file. This presupposes that the user is ignorant or unconcerned about
security issues; but many of them are.

Additionally, in either case, if only plain text is involved, then the
resulting randomness is quite poor; as natural language tends to fall into
very recognizable patterns, there's not enough entropy.

There's also the question of how you will use the data once you read it
from the file; for instance simply using what you read may expose the
contents to anyone who has access to the directory where the temp file
will be written. Again, the subdirectory approach eliminates this
particular issue.

Bottom line, if you don't know for sure that it's a good source of
randomness, you must assume it isn't. I told you this was hard. ;-)

One problem to solve here is to identify what platforms are considered
supported. If there's such a list then it's not so hard to identify the
randomness sources on each of its members. Of course, someone needs to DO
it...

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result
in undeliverable mail due to spam prevention. Sorry for the inconvenience.
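The "subdirectory approach" referred to in the thread, as an added example in C; this is not mutt's code and not from either poster. It assumes a writable base directory (such as /tmp) and uses the hypothetical helper names private_tempfile and private_tempfile_cleanup. The point it shows is that once the viewing file lives inside a fresh mode-0700 directory, the name of the file itself no longer has to be secret or unguessable, so no entropy has to be scraped out of the mailbox at all.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not mutt's): create a private directory under
 * `base` and a file called `name` inside it.  mkdtemp() picks the directory
 * name from libc's own randomness and creates it mode 0700, so nobody else
 * can even enter it.  On success returns an open fd and stores the file's
 * path in `path`; returns -1 on failure (errno set by the failing call). */
int private_tempfile(const char *base, const char *name, char *path, size_t pathlen)
{
    char dir[PATH_MAX];
    int fd;

    if (snprintf(dir, sizeof dir, "%s/mutt-view-XXXXXX", base) >= (int)sizeof dir)
        return -1;
    if (mkdtemp(dir) == NULL)          /* mkdir(dir, 0700) with a fresh name */
        return -1;
    if (snprintf(path, pathlen, "%s/%s", dir, name) >= (int)pathlen) {
        rmdir(dir);                    /* caller's buffer too small: undo */
        return -1;
    }
    /* O_EXCL|O_NOFOLLOW: fail instead of opening a pre-existing file/symlink */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        rmdir(dir);
    return fd;
}

/* Remove the file and its private directory once the viewer has exited.
 * Returns 0 on success, -1 if either removal fails. */
int private_tempfile_cleanup(const char *path)
{
    char dir[PATH_MAX];
    char *slash;

    if (strlen(path) >= sizeof dir || (slash = strrchr(path, '/')) == NULL)
        return -1;
    memcpy(dir, path, (size_t)(slash - path));
    dir[slash - path] = '\0';
    return (unlink(path) == 0 && rmdir(dir) == 0) ? 0 : -1;
}
```

A caller writes the decoded attachment to the returned fd, runs the viewer on `path`, then calls private_tempfile_cleanup(path); the directory's 0700 mode is what keeps other local users from reading or pre-creating the file.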