This is my current understanding of why EFAIL usually does not affect
Mu4e much. We have the following scenarios:
(1) The incoming mail uses HTML.
(1.a) As Arne Köhn already pointed out, mu4e “does not load remote
images by default”. Does it not load ANYTHING remote (apart from images)
by default? If it does, Mu4e is might be affected by EFAIL, by default.
Otherwise we're good by default.
(1.b) If you configured Mu4e/Emacs to load remote HTML images/stuff, the
incoming mail might exploit EFAIL, AFAIU.
(2) The incoming mail uses S/MIME encryption. In Mu4e, “[c]urrently,
decryption and signature verification only works for PGP/MIME;
inline-PGP and S/MIME are not supported.“
(
https://www.djcbsoftware.nl/code/mu/mu4e/Signing-and-encrypting.html)
So, in this case, the incoming mail does not affect Mu4e, AFAIU.
(3) The incoming mail uses OpenPGP/MIME
(
https://tools.ietf.org/html/rfc2440 &
https://tools.ietf.org/html/rfc3156), the incoming mail might try to
exploit EFAIL through "OpenPGP specific backchannels". "This can
potentially be abused by mal- leability gadgets to leak four bytes of
plaintext." (
https://efail.de/efail-attack-paper.pdf) Four bytes is not
much, AFAIU. (AFAIU, it might be the `append_sexp_parts` function in the
source code of Mu which might be responsible for this issue:
https://github.com/djcb/mu/blob/b9d2046a6e037bf8095e8071f2365a5643a2a4a9/lib/mu-msg-sexp.c#L428-L429).
--
mekeor ~ EDD3 DFFA 76F6 11C0 145F 9A99 AC85 BAD8 A2F8 C868