Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 11 Jan 2000 22:18:25 +1000
From:      Stephen McKay <syssgm@detir.qld.gov.au>
To:        Kris Kennaway <kris@FreeBSD.org>
Cc:        freebsd-security@freebsd.org, syssgm@detir.qld.gov.au
Subject:   Re: cvs commit: src/usr.sbin/ctm/ctm ctm.1 src/usr.sbin/ctm/ctm_rmail ctm_rmail.1 
Message-ID:  <200001111218.WAA31198@nymph.detir.qld.gov.au>
In-Reply-To: <200001110746.XAA82203@freefall.freebsd.org> from Kris Kennaway at "Mon, 10 Jan 2000 23:46:34 -0800"
References:  <200001110746.XAA82203@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Monday, 10th January 2000, Kris Kennaway wrote:

>kris        2000/01/10 23:46:34 PST
>
>  Modified files:
>    usr.sbin/ctm/ctm     ctm.1 
>    usr.sbin/ctm/ctm_rmail ctm_rmail.1 
>  Log:
>  Document the (in)security features of CTM, especially ctm_rmail.
>  
>  Revision  Changes    Path
>  1.16      +28 -2     src/usr.sbin/ctm/ctm/ctm.1
>  1.18      +26 -25    src/usr.sbin/ctm/ctm_rmail/ctm_rmail.1

I suppose it's a bigger and uglier world than it was even 5 short years
ago when I wrote those soothing and perhaps naive words about possible fake
deltas.  I've not heard of any attacks, nor do I think one would actually
succeed.  The buffer overflow was a more realistic danger.

But you are correct from a theoretical viewpoint; an attack *could* be
made on the current email distributed ctm system.  So, I am motivated
to work on a cryptographic signature enhancement.  Otherwise, what is
the point of distributing a program with a manual that advises everyone
not to use it?!

Do you have any suggestions on how such a mechanism might be added?  I have
built a system in the past using PGP, but it aged ungracefully as PGP changed.

I'm thinking of something like encoding the delta md5 with a secret key
known only to the generation site, and having the current public key of
known generations sites in a configuration file.

Also, if the delta format changes, it would be a good time to introduce other
changes, like detecting when files move from foo/bar.c to foo/Attic/bar.c
and thus further reducing delta sizes.

Stephen.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001111218.WAA31198>