X-Git-Url: https://git.llucax.com/software/mutt-debian.git/blobdiff_plain/44c01adf506b1087bff724dcb65b92a12b012836..939639fcf1dad1b8f3a85d641f41d11c49281f3c:/doc/security.html?ds=sidebyside diff --git a/doc/security.html b/doc/security.html index 918f140..ad5a2e2 100644 --- a/doc/security.html +++ b/doc/security.html @@ -1,6 +1,6 @@ -Chapter 7. Security Considerations

Chapter 7. Security Considerations

Table of Contents

1. Passwords
2. Temporary Files
3. Information Leaks
3.1. Message-Id: headers
3.2. mailto:-style Links
4. External Applications

+

Chapter 7. Security Considerations

First of all, Mutt contains no security holes included by intention but may contain unknown security holes. As a consequence, please run Mutt only with as few permissions as possible. Especially, do not run Mutt as @@ -33,7 +35,7 @@ the super user.

When configuring Mutt, there're some points to note about secure setups so please read this chapter carefully. -

1. Passwords

+

1. Passwords

Although Mutt can be told the various passwords for accounts, please never store passwords in configuration files. Besides the fact that the system's operator can always read them, you could forget to mask it out @@ -41,29 +43,29 @@ when reporting a bug or asking for help via a mailing list. Even worse, your mail including your password could be archived by internet search engines, mail-to-news gateways etc. It may already be too late before you notice your mistake. -

2. Temporary Files

+

2. Temporary Files

Mutt uses many temporary files for viewing messages, verifying digital signatures, etc. As long as being used, these files are visible by other users and maybe even readable in case of misconfiguration. Also, a different location for these files may be desired which can be changed -via the $tmpdir variable. -

3. Information Leaks

3.1. Message-Id: headers

+via the $tmpdir variable. +

3. Information Leaks

3.1. Message-Id: headers

Message-Id: headers contain a local part that is to be created in a -unique fashion. In order to do so, Mutt will “leak” some +unique fashion. In order to do so, Mutt will “leak” some information to the outside world when sending messages: the generation of this header includes a step counter which is increased (and rotated) with every message sent. In a longer running mutt session, others can -make assumptions about your mailing habbits depending on the number of +make assumptions about your mailing habits depending on the number of messages sent. If this is not desired, the header can be manually -provided using $edit_headers (though not -recommended). -

3.2. mailto:-style Links

+provided using $edit_headers (though +not recommended). +

3.2. mailto:-style Links

As Mutt be can be set up to be the mail client to handle mailto: style links in websites, there're security considerations, too. Arbitrary header fields can be embedded in these links which could override existing header fields or attach arbitrary files using the Attach: -psuedoheader. This may be problematic if the $edit-headers variable is +pseudoheader. This may be problematic if the $edit-headers variable is unset, i.e. the user doesn't want to see header fields while editing the message and doesn't pay enough attention to the compose menu's listing of attachments. @@ -74,7 +76,7 @@ mailto:joe@host?Attach=~/.gnupg/secring.gpg

will send out the user's private gnupg keyring to joe@host if the user doesn't follow the information on screen carefully enough. -

4. External Applications

+

4. External Applications

Mutt in many places has to rely on external applications or for convenience supports mechanisms involving external applications.