lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1317740452.18063.7.camel@gandalf.stny.rr.com>
Date:	Tue, 04 Oct 2011 11:00:49 -0400
From:	Steven Rostedt <rostedt@...dmis.org>
To:	quilt-dev <quilt-dev@...gnu.org>,
	LKML <linux-kernel@...r.kernel.org>
Cc:	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Andrew Morton <akpm@...ux-foundation.org>,
	John Kacur <jkacur@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	Greg Kroah-Hartman <gregkh@...e.de>,
	Andreas Gruenbacher <agruen@...e.de>
Subject: [RFC][PATCH][QUILT] Add gpg signing to quilt mail

quilt mail: Add way to sign mail with GPG

After the attack of kernel.org, several kernel developers are getting
paranoid about who is really who. A lot of focus is on signing emails
that verify who people really are using GPG signatures.

Unfortunately, there's no way to sign quilt email as it goes out. This
patch fixes that.

Added the quilt mail option --pass to allow the user to enter a
passphrase and sign their email patches.

TODO: 

Find a better way to read the passphrase. Right now it is stored in
memory and if the program is swapped to disk, others may be able to gain
access to it.

Verify the passphrase before continuing. If you type the wrong
passphrase, the email will still go out with a bad signature.

These changes were done in /usr/share/quilt.

Signed-off-by: Steven Rostedt <rostedt@...dmis.org>
---
 mail               |   30 +++++++++++-
 scripts/gpgmail.pl |  127 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 154 insertions(+), 3 deletions(-)
 create mode 100755 scripts/gpgmail.pl

diff --git a/mail b/mail
index c3c8297..1691336 100755
--- a/mail
+++ b/mail
@@ -63,6 +63,11 @@ first, and a last patch name of \`-' denotes the last patch in the series.
 
 --reply-to message
 	Add the appropriate headers to reply to the specified message.
+
+--pass
+	Enter a passphrase and sign email with GPG signatures.
+	Note: Even though the passphrase is stored in memory, it may end up
+	  being swapped to disk. Becareful with this option.
 " "/usr/share/doc/quilt/README.MAIL"
 		exit 0
 	else
@@ -115,6 +120,15 @@ references_header() {
 	[ -n "$references" ] && echo "References: $references"
 }
 
+sign_mail()
+{
+	if [ -z "$opt_pass" ]; then
+		cat
+	else
+		$QUILT_DIR/scripts/gpgmail.pl --passwd "$opt_pass"
+	fi
+}
+	
 process_mail()
 {
 	local tmpfile=$(gen_tempfile)
@@ -132,12 +146,12 @@ process_mail()
 			${QUILT_SENDMAIL_ARGS--f "$opt_sender"} "$@"
 		$QUILT_DIR/scripts/edmail --charset $opt_charset \
 				 --remove-header Bcc "$@" < $tmpfile \
-		| ${QUILT_SENDMAIL:-sendmail} \
+		| sign_mail | ${QUILT_SENDMAIL:-sendmail} \
 			${QUILT_SENDMAIL_ARGS--f "$opt_sender"} "$@"
 	else
 		local from_date=$(LC_ALL=C date "+%a %b %e %H:%M:%S %Y")
 		echo "From $opt_sender_address $from_date"
-		sed -e 's/^From />From /' $tmpfile
+		sed -e 's/^From />From /' $tmpfile | sign_mail
 		echo
 	fi
 	rm -f $tmpfile
@@ -154,7 +168,7 @@ join_lines() {
 }
 
 options=`getopt -o m:h --long from:,to:,cc:,bcc:,subject: \
-		       --long send,mbox:,charset:,sender: \
+		       --long send,pass,mbox:,charset:,sender: \
 		       --long prefix:,reply-to:,signature: -- "$@"`
 
 if [ $? -ne 0 ]
@@ -212,6 +226,16 @@ do
 	--reply-to)
 		opt_reply_to=$2
 		shift 2 ;;
+	--pass)
+		# Yes this is very insecure :-(
+		# If this program gets swapped to disk, we just stored
+		# the passphrase to the hard drive.
+		# FIXME
+		echo -n "Enter passphrase: ";
+		stty -echo
+		read opt_pass;
+		stty echo
+		shift ;;
 	--signature)
 		if [ "$2" = - ]
 		then
diff --git a/scripts/gpgmail.pl b/scripts/gpgmail.pl
new file mode 100755
index 0000000..2af6703
--- /dev/null
+++ b/scripts/gpgmail.pl
@@ -0,0 +1,127 @@
+#!/usr/bin/perl
+
+use strict;
+
+use MIME::QuotedPrint;
+
+my $pass;
+
+while ($#ARGV >= 0) {
+    my $opt = $ARGV[0];
+
+    last if ($opt =~ /^--$/ || $opt !~ /^-/);
+
+    if ($opt eq "--passwd") {
+	shift @ARGV;
+	$pass = shift @ARGV;
+    } else {
+	die "undefined option $opt";
+    }
+}
+
+shift @ARGV if ($#ARGV >= 0 && $ARGV eq "--");
+
+if (defined($pass)) {
+    $pass = " --passphrase=\"$pass\" ";
+} else {
+    $pass = "";
+}
+
+if ($#ARGV >= 0) {
+    open(IN, $ARGV[0]) or die "can't read $ARGV[0]";
+} else {
+    *IN = *STDIN;
+}
+
+*OUT = *STDOUT;
+
+my $content;
+my $quot;
+my $quoted = 0;
+
+while (<IN>) {
+    if (/^Content-Type/) {
+	s/$/\r/;
+	$content = $_;
+
+    } elsif (/^Content-Transfer-Encoding/) {
+	s/$/\r/;
+	$quot = $_;
+	$quoted = 1;
+
+    } elsif (/^$/) {
+	last;
+    } else {
+	print OUT;
+    }
+}
+
+my $scissor = sprintf "%s", crypt( sprintf("%d", rand * 1000), sprintf("%d", rand * 100));
+
+print OUT "Content-Type: multipart/signed; micalg=\"pgp-sha1\"; protocol=\"application/pgp-signature\"; boundary=\"$scissor\"";
+
+print OUT "\n\n";
+
+my $convert = 0;
+
+if (!defined($content)) {
+    $content = "Content-Type: text/plain; charset=\"UTF-8\"\r\n";
+    $quot = "Content-Transfer-Encoding: quoted-printable\r\n";
+    $convert = 1;
+    $quoted = 1;
+}
+
+print OUT "--$scissor\n";
+
+my @lines;
+
+$lines[$#lines + 1] = $content;
+if ($quoted) {
+    $lines[$#lines + 1] = $quot;
+}
+$lines[$#lines + 1] = "\r\n";
+
+my @rest;
+
+my @rest = <IN>;
+
+if ($convert) {
+    foreach my $line (@rest) {
+	$line = encode_qp($line,"\r\n");
+    }
+}
+
+@...es = (@lines, @rest);
+
+close IN;
+
+my $tmpfile = "/tmp/gpgmail.$$";
+
+open(TMP, ">", $tmpfile) or die "Can't create a temporary file";
+
+print TMP @lines;
+
+close TMP;
+
+# put the lines back to unix
+foreach my $line (@lines) {
+    $line =~ s/\r//;
+}
+
+print OUT @lines;
+
+print OUT "\n";
+print OUT "--$scissor\n";
+
+my $pgp = `gpg --simple-sk-checksum -a --detach-sign $pass --output - < $tmpfile`;
+
+unlink $tmpfile;
+
+print OUT "Content-Type: application/pgp-signature; name=\"signature.asc\"\n";
+print OUT "Content-Description: This is a digitally signed message part\n";
+print OUT "\n";
+
+print OUT $pgp;
+
+print OUT "\n";
+print OUT "--$scissor--\n";
-- 
1.7.6.3



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ