Message-Id: <200001111218.WAA31198@nymph.detir.qld.gov.au>
To: Kris Kennaway
Cc: freebsd-security@freebsd.org, syssgm@detir.qld.gov.au
Subject: Re: cvs commit: src/usr.sbin/ctm/ctm ctm.1 src/usr.sbin/ctm/ctm_rmail ctm_rmail.1
References: <200001110746.XAA82203@freefall.freebsd.org>
In-Reply-To: <200001110746.XAA82203@freefall.freebsd.org> from Kris Kennaway at "Mon, 10 Jan 2000 23:46:34 -0800"
Date: Tue, 11 Jan 2000 22:18:25 +1000
From: Stephen McKay

On Monday, 10th January 2000, Kris Kennaway wrote:

>kris        2000/01/10 23:46:34 PST
>
>  Modified files:
>    usr.sbin/ctm/ctm       ctm.1
>    usr.sbin/ctm/ctm_rmail ctm_rmail.1
>  Log:
>  Document the (in)security features of CTM, especially ctm_rmail.
>
>  Revision  Changes    Path
>  1.16      +28 -2     src/usr.sbin/ctm/ctm/ctm.1
>  1.18      +26 -25    src/usr.sbin/ctm/ctm_rmail/ctm_rmail.1

I suppose it's a bigger and uglier world than it was even 5 short years
ago when I wrote those soothing and perhaps naive words about possible
fake deltas. I've not heard of any attacks, nor do I think one would
actually succeed. The buffer overflow was a more realistic danger.

But you are correct from a theoretical viewpoint; an attack *could* be
made on the current email distributed ctm system. So, I am motivated to
work on a cryptographic signature enhancement. Otherwise, what is the
point of distributing a program with a manual that advises everyone not
to use it?!

Do you have any suggestions on how such a mechanism might be added? I
have built a system in the past using PGP, but it aged ungracefully as
PGP changed. I'm thinking of something like encoding the delta md5 with
a secret key known only to the generation site, and having the current
public key of known generation sites in a configuration file.

Also, if the delta format changes, it would be a good time to introduce
other changes, like detecting when files move from foo/bar.c to
foo/Attic/bar.c and thus further reducing delta sizes.

Stephen.
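
The mechanism proposed in the message above, as an added example that is not part of the original message and is not CTM code: the generation site signs a digest of the delta, and the receiver checks it against public keys listed in a configuration file before applying anything. Ed25519 and SHA-256 stand in here for the unspecified signature scheme and the MD5 digest mentioned; the config format ("site hex-public-key" per line), the site name and all function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// parseTrusted reads the receiver's config: one "site hex-public-key" per line.
func parseTrusted(conf string) (map[string]ed25519.PublicKey, error) {
	keys := map[string]ed25519.PublicKey{}
	for _, line := range strings.Split(conf, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 || strings.HasPrefix(f[0], "#") {
			continue // blank line or comment
		}
		raw, err := hex.DecodeString(f[len(f)-1])
		if len(f) != 2 || err != nil || len(raw) != ed25519.PublicKeySize {
			return nil, fmt.Errorf("bad trusted-key line for %q", f[0])
		}
		keys[f[0]] = ed25519.PublicKey(raw)
	}
	return keys, nil
}

// signDelta runs at the generation site, the only holder of priv.
func signDelta(priv ed25519.PrivateKey, delta []byte) []byte {
	sum := sha256.Sum256(delta)
	return ed25519.Sign(priv, sum[:])
}

// verifyDelta runs on the receiver and fails closed: unknown site or bad signature.
func verifyDelta(keys map[string]ed25519.PublicKey, site string, delta, sig []byte) error {
	sum := sha256.Sum256(delta)
	if pub, ok := keys[site]; !ok || !ed25519.Verify(pub, sum[:], sig) {
		return fmt.Errorf("delta rejected: no trusted key for %q or bad signature", site)
	}
	return nil
}

var demoKey = ed25519.NewKeyFromSeed([]byte(strings.Repeat("k", ed25519.SeedSize))) // constructed fixed-seed key, example only
var demoConf = "# constructed config\nexample-site " + hex.EncodeToString(demoKey.Public().(ed25519.PublicKey))

func main() {
	keys, _ := parseTrusted(demoConf)
	delta := []byte("constructed delta bytes")
	fmt.Println(verifyDelta(keys, "example-site", delta, signDelta(demoKey, delta)))
}
```

Only the public half of the key ever appears in the receiver's configuration, so a compromised receiver cannot forge deltas for others.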