Re: TorBirdy/Qubes OS Users: Fedora20 > 21 Template change results in timezone disclosure


Axon

Jun 23, 2015, 9:55:19 AM
to torbi...@ruggedinbox.com, qubes...@googlegroups.com, marm...@invisiblethingslab.com

torbi...@ruggedinbox.com wrote:
> Hi!
>
> Since my repeated attempts to send this email to qubes-users
> failed: Marek or Axon, could you do me a favor and forward it?
> thank you!
>
> This email has also been sent to tor-talk:
> https://lists.torproject.org/pipermail/tor-talk/2015-June/038203.html
>
> Marek, have there been any special changes in how the F21
> template handles or configures timezones?
>
> ------------------
> Hi,
>
> this is a (pre) information for TorBirdy users.
>
> If any Qubes OS user can confirm/not confirm this, please let me
> know in any case.
>
> Bug Impact: Outbound emails disclose the actual timezone in the
> "Date" header (instead of using UTC regardless of actual OS
> timezone). This reveals a sender's raw location and more
> importantly allows attackers to link pseudonyms because the
> timezone in outbound emails potentially changed at the same point
> in time for all used pseudonyms of a single entity.
>
> The root cause and affected systems of the problem are not analyzed
> yet but I wanted to send this out as soon as possible so people are
> aware of this problem and can avoid it until it gets fixed.
>
> Are you affected? It has been observed on Qubes OS R2 default
> Fedora template after changing from Fedora 20 to Fedora 21. It is
> not known whether this is Qubes OS specific in any way.
>
> You can easily check whether you are affected by going to your
> 'sent' mail folder:
>
> - select an email
> - ctrl+u to see the source of the email
> - search (ctrl+f) "Date:"
> - if the line ends with +0000, timezone masking is working (if your
>   OS timezone is not +0000)
> - if it shows anything else it is not working and you are probably
>   affected (note: there is a TorBirdy setting to explicitly disable
>   this protection, if you opted out then this entire email is
>   irrelevant to you)
>
> If you are affected please add information (your OS) to the bug
> tracker to help debug this.
>
> Trac ticket: https://trac.torproject.org/projects/tor/ticket/16419
>
> @TorProject: the 'cypherpunks' account is not working, could you
> enable it again so that people can use it?
>

Thanks for the heads up!

> Fix? Not available yet, TorBirdy devs will certainly send out an
> information once this is solved/analyzed.
>

What if you simply add this line to your .bashrc in the AnonVM?

export TZ="/usr/share/zoneinfo/UTC"

>
> This bug has been observed after upgrading from Fedora 20 to Fedora
> 21 on Qubes OS R2 (default templates) with Thunderbird 31.7.0 and
> TorBirdy 0.1.4.
>

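The manual check from the quoted advisory above (open one sent mail, look at its "Date:" line) can be run over a whole Sent folder at once. This is an added example, not part of the original posts or of TorBirdy; it assumes the folder is a plain mbox file, and the function names and sample messages are constructed for illustration.

```shell
#!/bin/sh
# Audit an mbox file for Date: headers whose UTC offset is not +0000.
# Usage: leaky_dates /path/to/Sent   (path is a placeholder)

# Prints "<message-number> <offset>" for each message whose Date: header
# carries an offset other than +0000. Only header sections are inspected,
# so Date: lines inside quoted or forwarded bodies are ignored.
leaky_dates() {
    awk '
        /^From / { msg++; in_hdr = 1; next }    # mbox separator: new message
        in_hdr && /^$/ { in_hdr = 0; next }      # blank line ends the headers
        in_hdr && tolower($0) ~ /^date:/ {
            if (match($0, /[+-][0-9][0-9][0-9][0-9]/)) {
                off = substr($0, RSTART, RLENGTH)
                if (off != "+0000") print msg, off
            }
        }
    ' "$1"
}

# Constructed sample: message 1 is masked (+0000) but quotes a -0700 Date
# line in its body; message 2 leaks a +0200 offset in its own header.
make_sample_mbox() {
    cat > "$1" <<'EOF'
From - Tue Jun 23 10:00:00 2015
Date: Tue, 23 Jun 2015 10:00:00 +0000
Subject: masked

Date: Mon, 22 Jun 2015 09:00:00 -0700

From - Tue Jun 23 12:00:00 2015
Date: Tue, 23 Jun 2015 14:00:00 +0200
Subject: leaking

body
EOF
}
```

Any line of output means at least one stored message disclosed a local offset; an empty result means every Date header found ended in +0000.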
torbi...@ruggedinbox.com

Jun 23, 2015, 11:54:18 AM
to Axon, qubes...@googlegroups.com, Jacob, Azadi
> Can anyone reproduce this when changing the VM's template
> from Fedora 20 to Fedora 21?

This entire problem affects torbirdy but is not limited to it.

on Fedora 20's shell (where things work):
---------------------
$ date
<local timestamp>

$ TZ=UTC date
<*UTC* timestamp>



on Fedora 21's shell:
---------------------
$ date
<local timestamp>

$ TZ=UTC date
<*local* timestamp>


so TZ gets ignored completely.

Is there any package required?

'tzdata' is installed in both templates.

torbi...@ruggedinbox.com

Jun 23, 2015, 11:54:18 AM
to Axon, qubes...@googlegroups.com, Jacob, Azadi
>> Fix? Not available yet, TorBirdy devs will certainly send out an
>> information once this is solved/analyzed.
>>
>
> What if you simply add this line to your .bashrc in the AnonVM?
>
> export TZ="/usr/share/zoneinfo/UTC"


Entering this on Thunderbird's Error Console:

Components.classes["@mozilla.org/process/environment;1"].getService(Components.interfaces.nsIEnvironment).get('TZ')

gives me already:
UTC

without any special additions, but
Date()
returns a local timestamp nonetheless..

Manually starting thunderbird on the shell
with explicitly setting TZ does not help.

Can anyone reproduce this when changing the VM's template
from Fedora 20 to Fedora 21?
(using the default template from dom0 RPM, not in-place upgrade).

torbi...@ruggedinbox.com

Jun 23, 2015, 12:06:12 PM
to qubes...@googlegroups.com, Marek Marczykowski-Górecki
> on Fedora 20's shell (where things work):
> ---------------------
> $ TZ=UTC date
> <*UTC* timestamp>
>
> on Fedora 21's shell:
> ---------------------
> $ TZ=UTC date
> <*local* timestamp>
>
>
> so TZ gets ignored completely.

I can confirm this problem on Fedora 21 templates running on Qubes R3 as
well.

So I assume you are seeing the same problem?

Marek Marczykowski-Górecki

Jun 23, 2015, 2:25:42 PM
to torbi...@ruggedinbox.com, Axon, qubes...@googlegroups.com, Jacob, Azadi
Ok, I've found the cause - it is the code linked before[1]. It overrides
/etc/localtime with current time zone, but since on Fedora 21 it is
symlink, it overrides original file. So /usr/share/zoneinfo/UTC gets
overridden by local timezone info...

Fixed package uploaded to current-testing repository (both R2 and R3).
You also need to reinstall tzdata package to fix
/usr/share/zoneinfo/UTC:
yum reinstall tzdata

[1]
https://github.com/QubesOS/qubes-core-agent-linux/blob/master/vm-systemd/qubes-sysinit.sh#L87

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

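The root cause described in the message above, reproduced in a throwaway directory. This is an added example, not the code from qubes-sysinit.sh and not the fix that shipped: `cp` stands in for the overwrite (the exact command is not shown on this page), the file contents are placeholders, and all function names are hypothetical.

```shell
#!/bin/sh
# Shows how writing "to" a symlinked localtime clobbers the zone file it
# points at, next to a replacement that swaps the link instead.
# Everything happens under a temp dir; /etc and /usr are never touched.

setup() {                                   # $1 = sandbox root
    mkdir -p "$1/zoneinfo/Europe" "$1/etc"
    printf 'UTC-DATA'    > "$1/zoneinfo/UTC"            # stand-ins for tzdata
    printf 'BERLIN-DATA' > "$1/zoneinfo/Europe/Berlin"
    ln -s ../zoneinfo/UTC "$1/etc/localtime"            # Fedora 21 style symlink
}

# Unsafe: cp opens the destination for writing and follows the symlink,
# so the bytes land in zoneinfo/UTC and the link itself stays as it was.
set_tz_unsafe() { cp "$1/zoneinfo/$2" "$1/etc/localtime"; }

# Safer: create the new link beside the old one and rename it into place.
# rename(2) replaces the link itself; the old target is never opened.
set_tz_safe() {
    ln -s "../zoneinfo/$2" "$1/etc/localtime.new" &&
    mv -f "$1/etc/localtime.new" "$1/etc/localtime"
}

demo() {
    d=$(mktemp -d) || return 1
    setup "$d/a"; set_tz_unsafe "$d/a" Europe/Berlin
    setup "$d/b"; set_tz_safe   "$d/b" Europe/Berlin
    echo "unsafe: UTC file now holds   $(cat "$d/a/zoneinfo/UTC")"
    echo "safe:   UTC file still holds $(cat "$d/b/zoneinfo/UTC")"
    rm -rf "$d"
}
demo
```

On a real template, `TZ=UTC date +%z` printing anything other than `+0000` indicates the UTC zone file has been overwritten, and `rpm -V tzdata` lists package files whose contents no longer match the package.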
torbi...@ruggedinbox.com

Jun 23, 2015, 4:09:26 PM
to qubes...@googlegroups.com
> Ok, I've found the cause - it is the code linked before[1]. It
> overrides
> /etc/localtime with current time zone, but since on Fedora 21 it is
> symlink, it overrides original file. So /usr/share/zoneinfo/UTC gets
> overridden by local timezone info...
>
> Fixed package uploaded to current-testing repository (both R2 and R3).
> You also need to reinstall tzdata package to fix
> /usr/share/zoneinfo/UTC:
> yum reinstall tzdata
>
> [1]
> https://github.com/QubesOS/qubes-core-agent-linux/blob/master/vm-systemd/qubes-sysinit.sh#L87


thanks, after upgrading to 3.0.12-1 things are all good again.


Fixed Versions
-----------------
For R2/Fedora 21 fixed in:
qubes-core-vm-2.1.65-1


For R3/Fedora 21 fixed in:
qubes-core-vm-3.0.12-1



Manuel Amador (Rudd-O)

Jun 29, 2015, 4:51:18 AM
to qubes...@googlegroups.com


On 06/23/2015 07:38 AM, torbi...@ruggedinbox.com wrote:
>
> on Fedora 21's shell:
> ---------------------
> $ date
> <local timestamp>
>
> $ TZ=UTC date
> <*local* timestamp>
>
I can't reproduce this.

Very strange.

--
Rudd-O
http://rudd-o.com/

Marek Marczykowski-Górecki

Sep 17, 2015, 1:28:21 PM
to torbi...@ruggedinbox.com, qubes...@googlegroups.com

On Thu, Sep 17, 2015 at 04:43:54PM +0200, torbi...@ruggedinbox.com wrote:
> On 2015-06-23 20:54, torbi...@ruggedinbox.com wrote:
> >>Ok, I've found the cause - it is the code linked before[1]. It overrides
> >>/etc/localtime with current time zone, but since on Fedora 21 it is
> >>symlink, it overrides original file. So /usr/share/zoneinfo/UTC gets
> >>overridden by local timezone info...
> >>
> >>Fixed package uploaded to current-testing repository (both R2 and R3).
>
> Will we see qubes-core-vm-2.1.65-1
> in the current repo anytime soon?

Done now :)

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?