Enigma: Redressing attack prevention - security background (#6450)#6759
alecpl wants to merge 1 commit into
Conversation
Thank you for submitting a Pull Request (PR) to the Roundcube GitHub project. You are receiving this message because your PR has conflicts which need to be resolved. We are trying to catch up on our backlog of old PRs and get them merged in (where appropriate). Therefore, we request the following: Step 1. Rebase from the latest Roundcube branch master into your PR. Step 2. Re-test to make sure your new code still works as expected. Step 3. Comment back here once it has been tested and will merge cleanly. Once this has been done we will treat it like a new Pull Request and consider it for acceptance. Apologies for the inconvenience. Thank you for contributing to Roundcube!
I'd like to state that this approach offers next to no security improvement (as far as I can tell by just skimming over the code), since it only modifies the box's appearance. An attacker can still include an HTML block using certain IDs and classes, and all images will be set for them by Roundcube. I agree with the opinion in #6450 that signature verification must be displayed outside of the attacker's control in order not to compromise on security. Sure, the UX might suffer in some cases, but for most use cases people wouldn't tell the difference.
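The redressing problem described in the comment above, as an added example (not code from Roundcube or the Enigma plugin, and written in Python rather than the plugin's PHP): an attacker-controlled HTML body carries a div that borrows the class and id a trusted "signature verified" box would use. When the status box is injected into the same container as the body, the two are indistinguishable; when the status is rendered in its own container above the body and attacker markup is stripped of ids and of classes in the trusted namespace, the forgery loses its styling and never lands where the real status lives. The class prefix `enigma-`, the container ids `enigma-status` and `messagebody`, and the sample message body are all assumptions constructed for this example.

```python
"""UI redressing of an inline signature-status box versus a status box rendered
outside the message body. Example code only; the class prefix, container ids and
message body below are constructed assumptions, not Roundcube/Enigma identifiers."""

import html
from html.parser import HTMLParser

TRUSTED_PREFIX = "enigma-"  # assumed namespace reserved for trusted UI elements

# Constructed attacker-controlled body: fakes a "verified signature" box by
# reusing the id/class the trusted box is assumed to use.
ATTACKER_BODY = (
    '<p>Please wire the funds today.</p>'
    '<div id="enigma-message" class="enigma-signed">'
    'Verified signature from boss@example.com</div>'
)


def status_box(status, signer):
    """Trusted status box; empty string when the message carries no valid signature."""
    if status is None:
        return ""
    return (f'<div class="{TRUSTED_PREFIX}{status}">'
            f'{status.title()} signature from {html.escape(signer)}</div>')


def render_naive(body, status, signer):
    """Status box and untouched body share one container: spoofable."""
    return f'<div id="messagebody">{status_box(status, signer)}{body}</div>'


class NamespaceStripper(HTMLParser):
    """Rewrites attacker markup so it cannot claim trusted ids or classes."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []

    def handle_starttag(self, tag, attrs):
        self.out.append(self._tag(tag, attrs))

    def handle_startendtag(self, tag, attrs):
        self.out.append(self._tag(tag, attrs, selfclose=True))

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def _tag(self, tag, attrs, selfclose=False):
        parts = [tag]
        for name, value in attrs:
            value = value or ""
            if name == "id":
                continue  # any attacker id could collide with a trusted one: drop them all
            if name == "class":
                kept = [c for c in value.split() if not c.startswith(TRUSTED_PREFIX)]
                if not kept:
                    continue
                value = " ".join(kept)
            parts.append(f'{name}="{html.escape(value, quote=True)}"')
        return "<" + " ".join(parts) + (" />" if selfclose else ">")


def strip_trusted_namespace(body):
    parser = NamespaceStripper()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)


def render_hardened(body, status, signer):
    """Status lives in its own container above the body, body loses trusted ids/classes."""
    return (f'<div id="enigma-status">{status_box(status, signer)}</div>'
            f'<div id="messagebody">{strip_trusted_namespace(body)}</div>')


def count_trusted_boxes(rendered):
    """How many elements in the rendered page carry the trusted 'signed' class."""
    return rendered.count(f'class="{TRUSTED_PREFIX}signed"')


if __name__ == "__main__":
    # Unsigned message: the naive layout still shows one "verified" box (the forgery).
    print(count_trusted_boxes(render_naive(ATTACKER_BODY, None, None)))
    print(count_trusted_boxes(render_hardened(ATTACKER_BODY, None, None)))
    print(render_hardened(ATTACKER_BODY, "signed", "alice@example.org"))
```

The stripping step is a belt-and-braces measure; the decisive change is the layout. Even if the forged text survives in the body, it is rendered inside `messagebody` with no trusted styling, while the real verdict is the only thing that can appear in `enigma-status`.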
Is it possible to display the message box in the same area as the "This message contains attached PGP key(s)." message box, i.e. roundcubemail/plugins/enigma/lib/enigma_ui.php (line 1098 in dec1d66)?
I tested my proposed solution on my own Roundcube instance, and it worked, so I made PR #10007 with the proposed fix. |
See the ticket for some screenshots and discussion.