Bug #9161
Write a security advisory about Claws leaking cleartext to IMAP server
100%
Description
Once we reach the freeze for 1.4, if Bug #8986 and Bug #9000 are not solved we should issue a security advisory.
Even if Bug #8986 and Bug #9000 are solved we should mention that this problem existed in the past.
Here is a possible synopsis for the advisory. Note that while working on this, I discovered that this bug might not affect as many people as we thought. At least not all our IMAP users.
- Problem
- Draft and Queue are saved unencrypted on the server with IMAP
- Am I affected by this?
- Only if you use IMAP (which is the default)
- Draft
- Automatic saving is disabled by default in Tails, so if you haven’t changed this setting or installed after Tails 0.10.1 (20120130) you’re not affected.
- [internal] by the way, we knew this already see 04fc69a from Tails 0.10.1 (20120130)
- Automatic saving is disabled by default in Tails, so if you haven’t changed this setting or installed after Tails 0.10.1 (20120130) you’re not affected.
- Queue = “Send later”
- Very likely to not use it as it doesn’t make much sense in IMAP, or if you use it you’re aware of it because it’s a deliberate action.
- Possible workarounds
- Use POP instead of IMAP to avoid all bad surprises
- TODO: Need to rework persistence bug documentation (
Feature #9159) - [internal] Do we want to propose POP by default? (
Feature #9303)
- TODO: Need to rework persistence bug documentation (
- If you want to keep IMAP with autosaving activated, consider using Claws 3.10.1-2~bpo70+1 from backports
- It has a new option to disable automatic saving if the message is to be encrypted
- Add to additional software packages:
claws-mail/wheezy-backports
claws-mail-archiver-plugin/wheezy-backports
claws-mail-i18n/wheezy-backports
claws-mail-pgpinline/wheezy-backports
claws-mail-pgpmime/wheezy-backports - Uncheck Configuration → Preferences… → Compose → Writing → Even if message is to be encrypted
- [internal] Do we want to ship Claws backports ourselves? (
Feature #9302)
- If you want to keep IMAP and use Queue, consider using a local mailbox for storing them
- https://labs.riseup.net/code/issues/8999#note-8
- You can use the same technique to save your drafts as well
- Use POP instead of IMAP to avoid all bad surprises
Subtasks
Related issues
Related to Tails - |
Rejected | 2015-04-30 | |
Related to Tails - |
Resolved | 2015-04-06 |
History
#1 Updated by intrigeri 2015-04-06 15:10:58
- Target version set to Tails_1.4
#2 Updated by sajolida 2015-04-27 02:55:19
- Priority changed from Normal to Elevated
#3 Updated by sajolida 2015-04-30 07:29:13
If issued before Feature #9302, we could document adding configuring the following additional software:
claws-mail/wheezy-backports
claws-mail-archiver-plugin/wheezy-backports
claws-mail-pgpinline/wheezy-backports
claws-mail-pgpmime/wheezy-backports
It needs to be tested.
#4 Updated by sajolida 2015-04-30 07:30:09
- related to
Feature #9302: Consider shipping claws-mail 3.10.1-2~bpo70+1 added
#5 Updated by sajolida 2015-05-03 04:43:24
- related to
Feature #9158: Have a script to keep track of UUI releases added
#6 Updated by sajolida 2015-05-03 05:57:14
- Description updated
#7 Updated by sajolida 2015-05-03 06:03:49
- related to deleted (
)Feature #9158: Have a script to keep track of UUI releases
#8 Updated by sajolida 2015-05-03 06:03:55
- related to
Feature #9159: Test that the persistence bug of Claws is documented correctly added
#9 Updated by intrigeri 2015-05-03 12:32:33
- wrt. “Am I affected by this?”: there’s a manual “save as draft” option, so just saying “Automatic saving is disabled by default” doesn’t lead us far enough IMO. Users may still save stuff in the clear, while they believe it will be encrypted.
- wrt. “Queue = ”Send later“, Very likely to not use it as it doesn’t make much sense in IMAP, or if you use it you’re aware of it because it’s a deliberate action.”:
- I don’t understand why it doesn’t make much sense in IMAP: one can compose email offline.
- I’m not convinced by the “deliberate action” part: if the user has explicitly chosen to encrypt an email, perhaps they wouldn’t be that wrong if they believed that “Send later” would save it encrypted, just as “Send” would send it encrypted?
- Claws Mail sends the cleartext email in Queue before encrypting and sending IIRC (confirmed by _adamb on
Feature #9302#note-10) so no, it’s not a deliberate action to put mail to queue.
=> the synopsis intro (" I discovered that this bug might not affect as many people as we thought. At least not all our IMAP users.") seems a bit too optimistic.
#10 Updated by sajolida 2015-05-04 07:13:00
I tested again and indeed when sending an email through IMAP, Claws does the following:
1. Connect through IMAP to store the email in plaintext in the Queue folder of the server.
2. Connect through SMTP to send the email encrypted.
3. Connect through IMAP to store the encrypted email in the Sent folder of the server.
4. Connect through IMAP to delete the plaintext email from the Queue folder of the server.
What a mess!
#11 Updated by BitingBird 2015-05-05 20:28:40
- Status changed from Confirmed to In Progress
- % Done changed from 0 to 20
#12 Updated by sajolida 2015-05-07 16:28:27
- Status changed from In Progress to Resolved
- % Done changed from 20 to 100
Applied in changeset commit:17fa9459c965fbc86d3b8008bd9d309d2b97a76d.
#13 Updated by BitingBird 2015-08-25 14:08:27
- Priority changed from Elevated to Low