SourceCodeAnalysis
pfm edited this page 2021-04-30 19:14:21 +00:00
This page is a collection of information relevant or useful during the port of GPG Lacre to Python 3.x.
General remarks
- There are no unit tests. We'll need them more than anything to be confident we aren't breaking anything while modernising the software.
- Code isn't documented very well.
- Installation is a manual process. This is error-prone and not very user-friendly, so we should consider providing tools to automate or semi-automate the process.
- According to the README, a workaround is necessary: gpg-mailgate is expected to be owned by `nobody:nogroup`. A dedicated user would be a better option.
- The installation instructions (section about GPG Mailgate installation) recommend adding the following lines to `master.cf`, but the manual suggests the first line should start with the word `filter`:

```
gpg-mailgate unix - n n - - pipe
flags= user=nobody argv=/usr/local/bin/gpg-mailgate.py ${recipient}
```
gpg-mailgate.py
The core of this Postfix content filter, performing the actual encryption of incoming messages.
- It's a large, non-compiled Python script. Compiling it could improve overall performance, so we should at least consider it.
- Most (if not all) functions defined here could be moved to a dedicated module and `import`ed.
- The custom `log` function could (and probably should) be replaced with the built-in `logging` module.
GnuPG
A Python module wrapping calls to the `/usr/bin/gpg` binary.
- Creates a new operating system process each time an operation needs to be performed.
- Using an external package could be an option, e.g. gnupg.
gpg-mailgate-web
A web interface to upload public keys and optionally a keyserver.
- Each failed update of an existing key ends with all valid keys being deleted, which seems like an opportunity for an attacker to disable a person's mailbox encryption.
- There might be a vulnerability in the key-confirmation code: `$email` and `$confirm` are not sanitised before being passed to the database.
- The key upload protocol is very simple:
  - An email address and a key are uploaded with HTTP POST.
  - An email asking for confirmation is sent to the email address given.
  - Confirmation is performed by sending a request with that email and the random string generated in the first step.
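The three-step protocol above, together with the two database concerns raised in the preceding bullets (unsanitised `$email`/`$confirm`, and a failed update wiping existing keys), written out as an added Python 3 example; this is not gpg-mailgate-web's own PHP code. The `uploaded_keys` table, its schema and the sample keys are constructed for the demo, and an in-memory SQLite database stands in for the real one.

```python
# Added example, not gpg-mailgate-web's own code: the table name and schema
# below are constructed for the demo.
import hmac
import secrets
import sqlite3
SCHEMA = """CREATE TABLE uploaded_keys (
    id INTEGER PRIMARY KEY, email TEXT NOT NULL, publickey TEXT NOT NULL,
    confirm TEXT NOT NULL, confirmed INTEGER NOT NULL DEFAULT 0)"""

def init_db() -> sqlite3.Connection:
    """Create the demo table in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def submit_key(conn, email: str, publickey: str) -> str:
    """Step 1: store the upload as pending and return the random confirmation
    string. The real service e-mails it (step 2) instead of returning it."""
    token = secrets.token_urlsafe(32)
    with conn:  # one transaction, rolled back if the INSERT fails
        conn.execute(
            "INSERT INTO uploaded_keys (email, publickey, confirm) VALUES (?, ?, ?)",
            (email, publickey, token),
        )
    return token

def confirm_key(conn, email: str, token: str) -> bool:
    """Step 3: confirm a pending upload. Email and token are bound as query
    parameters, never interpolated into SQL. The old key is removed only after
    the new one is confirmed, in the same transaction, so a wrong or malformed
    confirmation leaves the existing key untouched."""
    rows = conn.execute(
        "SELECT id, confirm FROM uploaded_keys WHERE email = ? AND confirmed = 0",
        (email,),
    ).fetchall()
    for key_id, stored in rows:
        # constant-time comparison; bytes so non-ASCII input cannot raise
        if hmac.compare_digest(stored.encode(), token.encode()):
            with conn:
                conn.execute("UPDATE uploaded_keys SET confirmed = 1 WHERE id = ?",
                             (key_id,))
                conn.execute("DELETE FROM uploaded_keys WHERE email = ? AND id != ?",
                             (email, key_id))
            return True
    return False

def active_key(conn, email: str):
    """Return the confirmed public key for an address, or None."""
    row = conn.execute("SELECT publickey FROM uploaded_keys WHERE email = ? "
                       "AND confirmed = 1", (email,)).fetchone()
    return row[0] if row else None
```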