Control: forwarded 988127 https://github.com/neomutt/neomutt/issues/3068
Hi Daniel,

On Thu, Feb 01, 2024 at 11:09:50AM +0100, Daniel Gröber wrote:
> Hi all,
>
> I've done some code review to figure out what we can do to
> workaround/fix this issue since it has annoyed me in the past and I
> just don't even want to use S/MIME ever really.

Thanks for investigating this one, really!

> Some things I found: since I set crypt_use_gpgme=yes gpgme apparently
> handles S/MIME directly (didn't know gpg supported it) and the
> "backend" is /usr/bin/gpgsm.
>
> So a very nasty hack to get rid of this issue is to just symlink
> gpgsm to /usr/bin/false somewhere on your $PATH:
>
>     # ln -s /usr/bin/false gpgsm
>
> Looking at the code I found the original sin to be at
> ncrypt/cryptglue.c:crypt_init:
>
>     #ifdef CRYPT_BACKEND_GPGME
>       if (c_crypt_use_gpgme)
>       {
>         crypto_module_register(&CryptModPgpGpgme);
>         crypto_module_register(&CryptModSmimeGpgme);
>       }
>     #endif
>
> this makes it so crypt_use_gpgme=yes enables both gpg and smime
> support with no way to disable smime at init or message verification
> time. Not even hooks will help since the crypt module registration
> runs only once.
>
> IMO this is unacceptable as I have no interest in being exposed to the
> vulnerability surface area of smime despite not having any use for it,
> so I'm planning to propose a patch to neomutt to move the smime
> registration to a separate rc variable.

I really think this should be handled upstream, so I've forwarded your
findings to them [1].

> Does anybody think the ability to toggle this per-message would be
> useful? I can't think of a compelling reason to want that.

I can't either, but who knows :-)

Cheers,
Charles

[1] https://github.com/neomutt/neomutt/issues/3068#issuecomment-2132481854