add a security feature to randomize the fetch schedule

Bug #1924622 reported by Bill Yikes
This bug affects 1 person
Affects: fetchmail (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

Suppose you have ~6-12 accounts all fetched over Tor. If they all fetch at the same time, the accounts could easily be correlated together -- which is particularly problematic if you hold multiple accounts at the same provider. And even if you only have one account, having a fixed delay between fetches is also compromising.

The "interval" option doesn't cut it because the first fetch still hits all servers at once and the schedule is still predictable. I therefore propose expanding the "interval" parameter to fetch at random times if a range is given. E.g. "interval 5.3-25" means fetch as early as 5.3 min & no later than 25 min since the last fetch, randomized after each fetch.

Utkarsh Gupta (utkarsh) wrote :

Hi Bill,

Thanks for taking out time to report the bug and help make Ubuntu server better.

We appreciate the suggestions of new features but I am afraid that we work on the packaging of upstream source[1] for Ubuntu.

Such new feature requests and suggestions are worth reporting upstream and once they're added upstream, we can pick it from there in the packaging we provide. So if it's not too much to ask, do you think you can rather report this upstream[1] instead and have their opinion on this?

[1]: https://gitlab.com/fetchmail/fetchmail

Since this isn't a bug or something Ubuntu-specific but a feature request from the upstream, I am marking this as "Invalid", but should you feel differently, please let us know and we can work something out.

Thanks, again.

Changed in fetchmail (Ubuntu):
status: New → Invalid
Matthias Andree (matthias-andree) wrote :

Bill, in your threat scenario, I think it best to avoid the daemon mode altogether, and then just use some external random delay tool (possibly some script language one-liner) to delay a one-shot fetchmail run.

You can always set up separate directories, for instance, by way of the FETCHMAILHOME variable and configure each account at the same provider separately.

Bottom line, this is much easier to solve outside fetchmail than inside.
-> For me as the upstream maintainer, this is very near to a WONTFIX. Certainly at the end of the list of priorities.
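
Added example (not part of the report and not fetchmail's own code): one way to do the external random delay suggested above, using the 5.3-25 minute range from the bug description and one FETCHMAILHOME directory per account. The directory arguments and function names are assumptions, and each directory is assumed to hold its own fetchmailrc with no "set daemon" line.

```sh
#!/bin/sh
# Jittered one-shot fetchmail runs, one independent loop per account.
# Usage (hypothetical paths): sh thisscript ~/mail/acct1 ~/mail/acct2
# With FETCHMAILHOME set, fetchmail reads $FETCHMAILHOME/fetchmailrc.

MIN_SECS=318    # 5.3 min, lower bound of the range proposed in the report
MAX_SECS=1500   # 25 min, upper bound

# Print a delay in [min, max] seconds drawn from /dev/urandom.
# 32 random bits against a span this small makes modulo bias negligible.
random_delay() {
    min=$1 max=$2
    span=$((max - min + 1))
    r=$(od -An -N4 -tu4 /dev/urandom | tr -dc '0-9')
    echo $((min + r % span))
}

# Loop for one account. The wait comes first, so the very first fetch is
# already de-synchronised from the other accounts, and a fresh delay is
# drawn after every run.
fetch_loop() {
    acct_home=$1
    while :; do
        sleep "$(random_delay "$MIN_SECS" "$MAX_SECS")"
        # One-shot run (assumes no "set daemon" in this account's rc file).
        # Exit status 1 only means "no new mail", so it is not an error.
        FETCHMAILHOME=$acct_home fetchmail || true
    done
}

main() {
    for dir in "$@"; do
        if [ ! -r "$dir/fetchmailrc" ]; then
            echo "skipping $dir: no readable fetchmailrc" >&2
            continue
        fi
        fetch_loop "$dir" &   # each account draws its own delays
    done
    wait
}

# Start the loops only when account directories are given.
if [ "$#" -gt 0 ]; then main "$@"; fi
```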

Bill Yikes (yik3s) wrote :

Matthias, I appreciate the tip about FETCHMAILHOME, which seems to imply that multiple instances can run potentially at the same time. I will explore your suggested workaround. Since I access onion servers, I have a lot of wiring outside of fetchmail anyway.

Note that I don't personally have a threat model that makes this capability important to me, but I raised the feature request because it would be a useful security improvement for many to have. If the daemon could handle the scheduling, it would ease things for the user and improve security for many including those who don't have such an exciting threat model.
