Omit User-Agent: header by default

The User-Agent: header can be fun and interesting, but it also leaks
quite a bit of information about the user and their software stack.

This represents a potential security risk (attackers can target the
particular stack) and also an anonymity risk (a user trying to
preserve their anonymity by sending mail from a non-associated account
might reveal quite a lot of information if their choice of mail user
agent is exposed).

This change also avoids hiding the User-Agent header by default, so
that people who decide they want to send it will at least see it (and
can edit it if they want to) before sending.

It makes sense to have safer defaults.
Daniel Kahn Gillmor 2016-08-08 19:35:17 -04:00 committed by David Bremner
parent 188fccd84f
commit 1ba73d1437
2 changed files with 2 additions and 18 deletions


@ -62,7 +62,7 @@ disabled: this would result in an incorrect behavior."))
(const :tag "Compose mail in a new window" new-window) (const :tag "Compose mail in a new window" new-window)
(const :tag "Compose mail in a new frame" new-frame))) (const :tag "Compose mail in a new frame" new-frame)))
(defcustom notmuch-mua-user-agent-function 'notmuch-mua-user-agent-full (defcustom notmuch-mua-user-agent-function nil
"Function used to generate a `User-Agent:' string. If this is "Function used to generate a `User-Agent:' string. If this is
`nil' then no `User-Agent:' will be generated." `nil' then no `User-Agent:' will be generated."
:type '(choice (const :tag "No user agent string" nil) :type '(choice (const :tag "No user agent string" nil)
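Review bot: The new nil default for notmuch-mua-user-agent-function changes outgoing mail for every user who never customized the variable, and the commit touches only two files (these defcustoms and the test script), so nothing user-facing announces it. Suggest a release-note entry naming the variable and the value that restores the old behaviour (notmuch-mua-user-agent-full), and a sentence in the docstring saying that nil is the default because the header discloses the sender's software stack.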
@ -73,7 +73,7 @@ disabled: this would result in an incorrect behavior."))
:value notmuch-mua-user-agent-full)) :value notmuch-mua-user-agent-full))
:group 'notmuch-send) :group 'notmuch-send)
(defcustom notmuch-mua-hidden-headers '("^User-Agent:") (defcustom notmuch-mua-hidden-headers nil
"Headers that are added to the `message-mode' hidden headers "Headers that are added to the `message-mode' hidden headers
list." list."
:type '(repeat string) :type '(repeat string)
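Review bot: Once notmuch-mua-hidden-headers defaults to nil, its docstring gives no example of a valid entry. Suggest citing the former default, "^User-Agent:", in the docstring as a sample regexp, so that users who turn the header back on and want it out of the compose buffer know what to add, and so the relationship between this variable and notmuch-mua-user-agent-function stays documented in one place.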


@ -193,7 +193,6 @@ emacs_deliver_message \
(kill-whole-line) (kill-whole-line)
(insert "To: user@example.com\n")' (insert "To: user@example.com\n")'
sed \ sed \
-e s',^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' \
-e s',^Message-ID: <.*>$,Message-ID: <XXX>,' \ -e s',^Message-ID: <.*>$,Message-ID: <XXX>,' \
-e s',^\(Content-Type: text/plain\); charset=us-ascii$,\1,' < sent_message >OUTPUT -e s',^\(Content-Type: text/plain\); charset=us-ascii$,\1,' < sent_message >OUTPUT
cat <<EOF >EXPECTED cat <<EOF >EXPECTED
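Review bot: Dropping the User-Agent normalising sed expression here, and the matching lines in the later hunks, leaves no visible test that sets notmuch-mua-user-agent-function to a non-nil value, so the header-generating path loses its coverage. Suggest keeping one subtest that binds the variable to notmuch-mua-user-agent-full and checks for the normalised "User-Agent: Notmuch/XXX Emacs/XXX" line, alongside these tests that confirm the header is absent by default.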
@ -201,7 +200,6 @@ From: Notmuch Test Suite <test_suite@notmuchmail.org>
To: user@example.com To: user@example.com
Subject: Testing message sent via SMTP Subject: Testing message sent via SMTP
Date: 01 Jan 2000 12:00:00 -0000 Date: 01 Jan 2000 12:00:00 -0000
User-Agent: Notmuch/XXX Emacs/XXX
Message-ID: <XXX> Message-ID: <XXX>
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: text/plain Content-Type: text/plain
@ -310,7 +308,6 @@ test_emacs '(let ((message-hidden-headers ''()))
(test-output))' (test-output))'
sed -i -e 's/^In-Reply-To: <.*>$/In-Reply-To: <XXX>/' OUTPUT sed -i -e 's/^In-Reply-To: <.*>$/In-Reply-To: <XXX>/' OUTPUT
sed -i -e 's/^References: <.*>$/References: <XXX>/' OUTPUT sed -i -e 's/^References: <.*>$/References: <XXX>/' OUTPUT
sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT
cat <<EOF >EXPECTED cat <<EOF >EXPECTED
From: Notmuch Test Suite <test_suite@notmuchmail.org> From: Notmuch Test Suite <test_suite@notmuchmail.org>
To: user@example.com To: user@example.com
@ -318,7 +315,6 @@ Subject: Re: Testing message sent via SMTP
In-Reply-To: <XXX> In-Reply-To: <XXX>
Fcc: ${MAIL_DIR}/sent Fcc: ${MAIL_DIR}/sent
References: <XXX> References: <XXX>
User-Agent: Notmuch/XXX Emacs/XXX
--text follows this line-- --text follows this line--
Notmuch Test Suite <test_suite@notmuchmail.org> writes: Notmuch Test Suite <test_suite@notmuchmail.org> writes:
@ -335,7 +331,6 @@ test_emacs "(let ((message-hidden-headers '()))
(notmuch-test-wait) (notmuch-test-wait)
(notmuch-search-reply-to-thread) (notmuch-search-reply-to-thread)
(test-output))" (test-output))"
sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT
cat <<EOF >EXPECTED cat <<EOF >EXPECTED
From: Notmuch Test Suite <test_suite_other@notmuchmail.org> From: Notmuch Test Suite <test_suite_other@notmuchmail.org>
To: Sender <sender@example.com> To: Sender <sender@example.com>
@ -343,7 +338,6 @@ Subject: Re: ${test_subtest_name}
In-Reply-To: <${gen_msg_id}> In-Reply-To: <${gen_msg_id}>
Fcc: ${MAIL_DIR}/sent Fcc: ${MAIL_DIR}/sent
References: <${gen_msg_id}> References: <${gen_msg_id}>
User-Agent: Notmuch/XXX Emacs/XXX
--text follows this line-- --text follows this line--
Sender <sender@example.com> writes: Sender <sender@example.com> writes:
@ -361,7 +355,6 @@ test_emacs "(let ((message-hidden-headers '()))
(notmuch-test-wait) (notmuch-test-wait)
(notmuch-search-reply-to-thread) (notmuch-search-reply-to-thread)
(test-output))" (test-output))"
sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT
cat <<EOF >EXPECTED cat <<EOF >EXPECTED
From: Notmuch Test Suite <test_suite@notmuchmail.org> From: Notmuch Test Suite <test_suite@notmuchmail.org>
To: Sender <sender@example.com>, someone@example.com To: Sender <sender@example.com>, someone@example.com
@ -369,7 +362,6 @@ Subject: Re: ${test_subtest_name}
In-Reply-To: <${gen_msg_id}> In-Reply-To: <${gen_msg_id}>
Fcc: ${MAIL_DIR}/sent Fcc: ${MAIL_DIR}/sent
References: <${gen_msg_id}> References: <${gen_msg_id}>
User-Agent: Notmuch/XXX Emacs/XXX
--text follows this line-- --text follows this line--
Sender <sender@example.com> writes: Sender <sender@example.com> writes:
@ -382,7 +374,6 @@ test_emacs '(let ((message-hidden-headers ''()))
(notmuch-show "id:20091118002059.067214ed@hikari") (notmuch-show "id:20091118002059.067214ed@hikari")
(notmuch-show-reply) (notmuch-show-reply)
(test-output))' (test-output))'
sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT
cat <<EOF >EXPECTED cat <<EOF >EXPECTED
From: Notmuch Test Suite <test_suite@notmuchmail.org> From: Notmuch Test Suite <test_suite@notmuchmail.org>
To: Adrian Perez de Castro <aperez@igalia.com>, notmuch@notmuchmail.org To: Adrian Perez de Castro <aperez@igalia.com>, notmuch@notmuchmail.org
@ -390,7 +381,6 @@ Subject: Re: [notmuch] Introducing myself
In-Reply-To: <20091118002059.067214ed@hikari> In-Reply-To: <20091118002059.067214ed@hikari>
Fcc: ${MAIL_DIR}/sent Fcc: ${MAIL_DIR}/sent
References: <20091118002059.067214ed@hikari> References: <20091118002059.067214ed@hikari>
User-Agent: Notmuch/XXX Emacs/XXX
--text follows this line-- --text follows this line--
Adrian Perez de Castro <aperez@igalia.com> writes: Adrian Perez de Castro <aperez@igalia.com> writes:
@ -447,7 +437,6 @@ test_emacs '(let ((message-hidden-headers ''()))
(notmuch-show "id:cf0c4d610911171136h1713aa59w9cf9aa31f052ad0a@mail.gmail.com") (notmuch-show "id:cf0c4d610911171136h1713aa59w9cf9aa31f052ad0a@mail.gmail.com")
(notmuch-show-reply) (notmuch-show-reply)
(test-output))' (test-output))'
sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT
cat <<EOF >EXPECTED cat <<EOF >EXPECTED
From: Notmuch Test Suite <test_suite@notmuchmail.org> From: Notmuch Test Suite <test_suite@notmuchmail.org>
To: Alex Botero-Lowry <alex.boterolowry@gmail.com>, notmuch@notmuchmail.org To: Alex Botero-Lowry <alex.boterolowry@gmail.com>, notmuch@notmuchmail.org
@ -455,7 +444,6 @@ Subject: Re: [notmuch] preliminary FreeBSD support
In-Reply-To: <cf0c4d610911171136h1713aa59w9cf9aa31f052ad0a@mail.gmail.com> In-Reply-To: <cf0c4d610911171136h1713aa59w9cf9aa31f052ad0a@mail.gmail.com>
Fcc: ${MAIL_DIR}/sent Fcc: ${MAIL_DIR}/sent
References: <cf0c4d610911171136h1713aa59w9cf9aa31f052ad0a@mail.gmail.com> References: <cf0c4d610911171136h1713aa59w9cf9aa31f052ad0a@mail.gmail.com>
User-Agent: Notmuch/XXX Emacs/XXX
--text follows this line-- --text follows this line--
Alex Botero-Lowry <alex.boterolowry@gmail.com> writes: Alex Botero-Lowry <alex.boterolowry@gmail.com> writes:
@ -521,7 +509,6 @@ test_emacs "(let ((message-hidden-headers '()))
(notmuch-show \"id:${gen_msg_id}\") (notmuch-show \"id:${gen_msg_id}\")
(notmuch-show-reply) (notmuch-show-reply)
(test-output))" (test-output))"
sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT
cat <<EOF >EXPECTED cat <<EOF >EXPECTED
From: Notmuch Test Suite <test_suite@notmuchmail.org> From: Notmuch Test Suite <test_suite@notmuchmail.org>
To: To:
@ -529,7 +516,6 @@ Subject: Re: Reply within emacs to an html-only message
In-Reply-To: <${gen_msg_id}> In-Reply-To: <${gen_msg_id}>
Fcc: ${MAIL_DIR}/sent Fcc: ${MAIL_DIR}/sent
References: <${gen_msg_id}> References: <${gen_msg_id}>
User-Agent: Notmuch/XXX Emacs/XXX
--text follows this line-- --text follows this line--
Notmuch Test Suite <test_suite@notmuchmail.org> writes: Notmuch Test Suite <test_suite@notmuchmail.org> writes:
@ -546,7 +532,6 @@ test_emacs "(let ((message-hidden-headers '()))
(notmuch-show \"id:$message_id\") (notmuch-show \"id:$message_id\")
(notmuch-show-reply) (notmuch-show-reply)
(test-output))" (test-output))"
sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT
cat <<EOF >EXPECTED cat <<EOF >EXPECTED
From: Notmuch Test Suite <test_suite@notmuchmail.org> From: Notmuch Test Suite <test_suite@notmuchmail.org>
To: To:
@ -554,7 +539,6 @@ Subject: Re: Quote MML tags in reply
In-Reply-To: <test-emacs-mml-quoting@message.id> In-Reply-To: <test-emacs-mml-quoting@message.id>
Fcc: ${MAIL_DIR}/sent Fcc: ${MAIL_DIR}/sent
References: <test-emacs-mml-quoting@message.id> References: <test-emacs-mml-quoting@message.id>
User-Agent: Notmuch/XXX Emacs/XXX
--text follows this line-- --text follows this line--
Notmuch Test Suite <test_suite@notmuchmail.org> writes: Notmuch Test Suite <test_suite@notmuchmail.org> writes: