crypt_protected_headers_write should be removed, or at least default to yes #4236
Comments
That sounds reasonable...
We can easily do that too.
Hmmm, sounds good! I'll add those changes to the current PR (#4227).
Link: <neomutt#4236>
Link: <neomutt#4223>
Link: <neomutt#4226>
Cc: Richard Russon <rich@flatcap.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

Closes: <neomutt#4236>
Link: <neomutt#4223>
Link: <neomutt#4226>
Cc: Richard Russon <rich@flatcap.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

They are part of the crypto message, which means the sender considers them part of the important data, and should not be carelessly weeded.
Link: <neomutt#4223>
Link: <neomutt#4226>
Link: <neomutt#4227>
Link: <neomutt#4236>
Link: <neomutt#4237>
Cc: Richard Russon <rich@flatcap.org>
Cc: наб <nabijaczleweli@nabijaczleweli.xyz>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

Protected header fields are part of the crypto message, which means the sender considers them part of the important data, and should not be carelessly weeded. If the user wants to do it, allow them via this variable, but default to not weeding them.
Link: <neomutt#4223>
Link: <neomutt#4226>
Link: <neomutt#4227>
Link: <neomutt#4236>
Link: <neomutt#4237>
Cc: Richard Russon <rich@flatcap.org>
Cc: наб <nabijaczleweli@nabijaczleweli.xyz>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

Protected header fields are part of the crypto message, which means the sender considers them part of the important data, and should not be carelessly weeded. If the user wants to do it, allow them via this variable, but default to not weeding them.
Link: <neomutt#4223>
Link: <neomutt#4226>
Link: <neomutt#4227>
Link: <neomutt#4236>
Link: <neomutt#4237>
Cc: Richard Russon <rich@flatcap.org>
Reviewed-by: наб <nabijaczleweli@nabijaczleweli.xyz>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

Protected header fields are part of the crypto message, which means the sender considers them part of the important data, and should not be carelessly weeded. If the user wants to do it, allow them via this variable, but default to not weeding them.
Link: <neomutt#4223>
Link: <neomutt#4226>
Link: <neomutt#4227>
Link: <neomutt#4236>
Link: <neomutt#4237>
Cc: Richard Russon <rich@flatcap.org>
Reviewed-by: наб <nabijaczleweli@nabijaczleweli.xyz>
Cc: Pietro Cerutti <gahr@gahr.ch>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

Link: <neomutt#4236>
Link: <neomutt#4223>
Link: <neomutt#4226>
Reviewed-by: наб <nabijaczleweli@nabijaczleweli.xyz>
Cc: Richard Russon <rich@flatcap.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

Protected header fields are part of the crypto message, which means the sender considers them part of the important data, and should not be carelessly weeded. If the user wants to do it, allow them via this variable, but default to not weeding them.
Link: <#4223>
Link: <#4226>
Link: <#4227>
Link: <#4236>
Link: <#4237>
Cc: Richard Russon <rich@flatcap.org>
Reviewed-by: наб <nabijaczleweli@nabijaczleweli.xyz>
Cc: Pietro Cerutti <gahr@gahr.ch>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

As seen in recently reported security vulnerabilities, we need to protect more headers.
Link: #4223
Link: #4226
This makes me wonder...
crypt_protected_headers_write defaults to no. This is insecure. Is there any reason why we would want to support the feature?
I strongly suggest:
yes. This is a silent breaking change.
And secondarily, it might be good to
Although the latter suggestion would be more controversial.