Page MenuHomePhabricator
Create Task
Maniphest T114341

Security review for GPGMail
Closed, ResolvedPublic
Actions

Description

For overview see the task description of T12453.

Still going through normal review, so this just an early notice (but in case you do want to comment, the patches are https://gerrit.wikimedia.org/r/#/c/242791/ and https://gerrit.wikimedia.org/r/#/c/242000/). Part of it was published as a standalone library at https://github.com/tgr/php-gpglib, not sure what's the review process for those - done as CR of the patch for mediawiki/vendor?

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT12453 Encrypt emails with GnuPG (GPG)
 Resolved dpatrickT114341 Security review for GPGMail

Event Timeline

Tgr created this task.Oct 1 2015, 5:28 AM
Tgr raised the priority of this task from to Needs Triage.
Tgr updated the task description. (Show Details)
Tgr added projects: deprecated-security-team-reviews, MediaWiki-extensions-GPGMail.
Tgr subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 1 2015, 5:28 AM
Tgr added a parent task: T12453: Encrypt emails with GnuPG (GPG).Oct 1 2015, 5:29 AM
revi subscribed.Oct 1 2015, 3:55 PM
Liuxinyu970226 set Security to None.Oct 5 2015, 1:12 AM
MZMcBride subscribed.Oct 5 2015, 1:14 AM
csteipp moved this task from Incoming to Scheduled on the deprecated-security-team-reviews board.Nov 12 2015, 3:36 PM
Restricted Application added a subscriber: StudiesWorld. · View Herald TranscriptNov 12 2015, 3:36 PM
Nemo_bis triaged this task as Medium priority.Nov 24 2015, 9:22 AM
csteipp moved this task from Scheduled to Incoming on the deprecated-security-team-reviews board.Dec 2 2015, 6:20 PM
csteipp moved this task from Incoming to Scheduled on the deprecated-security-team-reviews board.Jan 22 2016, 12:08 AM
dpatrick claimed this task.Feb 1 2016, 7:37 PM
dpatrick added a project: Security-Team.
dpatrick moved this task from Incoming to In Progress on the Security-Team board.
dpatrick added a comment.Feb 8 2016, 11:51 PM

General Observations

  • Positive
    • Extension seeks to conceal the fact that a user is encrypting their messages
    • PHP built-ins escapeshellcmd() and escapeshellarg() are used to mitigate command injection
  • Negative
    • Extension does not implement message signing

Issues

gpglib implements signing, however the GPGMail extension does provide user interface elements exposing this functionality. This limits users' ability to authenticate that messages have originated from WMF servers.

Files

mediawiki-extensions-GPGMail/GPGMail.php

OK

mediawiki-extensions-GPGMail/GPGMailHooks.php

LOW
- line 149, validateKey will always return true

php-gpglib/src/GpgLib.php

OK

php-gpglib/src/GpgLibException.php

OK

php-gpglib/src/GpgLibFactory.php

OK

php-gpglib/src/PgpMime.php

OK

php-gpglib/src/ShellGpgLib.php

OK

php-gpglib/src/ShellGpgLibFactory.php

OK

php-gpglib/src/TempDir.php

OK

php-gpglib/src/TempDirFactory.php

OK
dpatrick moved this task from In Progress to Our Part Is Done on the Security-Team board.Feb 8 2016, 11:51 PM
csteipp closed this task as Resolved.Apr 5 2016, 11:23 PM
csteipp subscribed.

I don't think the message signing is a blocker, if we wanted to deploy this. So I think we can call the security review done.

sbassett moved this task from Scheduled to Done on the deprecated-security-team-reviews board.Jul 9 2019, 8:27 PM
chasemp removed a project: deprecated-security-team-reviews.Jan 8 2020, 4:17 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL