Date: Fri, 7 Jun 2002 15:13:18 -0700 (PDT)
From: Roger Marquis <marquis@roble.com>
To: bugtraq@securityfocus.com
Subject: Pine 4.44 Privacy Patch
Problem description:
The Pine email client allows users to define the "From:"
address independent of their Unix username. This is an
indispensable feature for help desks and other role accounts.
Unfortunately, user names and/or ids can still be leaked due to
Pine's insertion of "Sender:" and/or "X-Sender:" headers. Pine
versions earlier than 4.44 may also insert the Unix username
into other envelope and header fields.
Solution:
Applying the following patch to pine 4.4 will cause
{X-}Sender: headers to be omitted. Users may also need to
define a remote "smtp-server" to prevent certain local MTAs
from inserting this information. Other details on changing
Pine's "From:" line are detailed in the FAQ at:
http://www.washington.edu/pine/faq/config.html#9.5
To apply this patch, download the source code from:
ftp://ftp.cac.washington.edu/pine/
Unpack (tar xzvf ...) and cd into the source directory, apply
the patch (patch < patch_file_name) and recompile per the
documentation.
Disclaimers:
This patch has been tested under Solaris and FreeBSD operating
systems using the gcc compiler, however, no warranty is made
regarding its accuracy or reliability. Use it at your own
risk.
Pine and Pico are registered trademarks of the University of
Washington. No commercial use of these trademarks may be made
without prior written permission of the University of
Washington. Pine, Pico, and Pilot software and its included
text are Copyright 1989-2002 by the University of Washington.
--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
--------------------------------------------------------------------
--- pine/send.c.orig Tue Jan 8 12:59:37 2002
+++ pine/send.c Sat Mar 9 09:17:08 2002
@@ -3989,12 +3989,15 @@
outgoing->return_path = rfc822_cpy_adr(outgoing->from);
+
/*
* Don't ever believe the sender that is there.
* If From doesn't look quite right, generate our own sender.
*/
+ /**** fix u-washington anti-privacy loophole
if(outgoing->sender)
mail_free_address(&outgoing->sender);
+ /****
/*
* If the LHS of the address doesn't match, or the RHS
@@ -4003,6 +4006,7 @@
*
* Don't add a personal_name since the user can change that.
*/
+ /**** fix u-washington anti-privacy loophole
if(!outgoing->from
|| !outgoing->from->mailbox
|| strucmp(outgoing->from->mailbox, ps_global->VAR_USER_ID) != 0
@@ -4014,6 +4018,7 @@
outgoing->sender->mailbox = cpystr(ps_global->VAR_USER_ID);
outgoing->sender->host = cpystr(ps_global->hostname);
}
+ /****
/*----- Message is edited, now decide what to do with it ----*/
if(editor_result & (COMP_SUSPEND | COMP_GOTHUP | COMP_CANCEL)){
--------------------------------------------------------------------
