Open philmcmahon opened 2 years ago
I'm looking into this one, as I can see how useful it would be.
We need to choose an email client, and although Thunderbird can be obnoxious, after a brief survey I think it might be the best bet. Here's what I considered:
sd-large-bookworm-template
because of grsec, even after whitelisting /usr/bin/evolution, because of this error:
2024-05-30T16:28:32.741159-07:00 fake-sd-viewer kernel: [ 2150.244406] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/bin/evolution[evolution:5108] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/bash[bash:4328] uid/euid:1000/1000 gid/egid:1000/1000
So I think Thunderbird is probably the way to go.
In order for Thunderbird to work, we need to add the following line to /etc/paxctld.conf:
/usr/lib/thunderbird/thunderbird-bin m
Another thing to tackle is that when opening an EML file in Thunderbird which hasn't been configured, it tries to run the "set up your existing email address" first run wizard. It would be good to put some sort of empty-ish Thunderbird profile on sd-viewer to prevent this from happening.
When a user attempts to open an eml file in SecureDrop Workstation, could the behaviour be to open the file in gedit? Currently with eml files the viewer VM starts up then immediately crashes (related issue https://github.com/freedomofpress/securedrop-client/issues/2007)
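An added example, not part of the original issue or the project's code: a small Python parser for the grsec "denied resource overstep" message quoted above, to tally which binaries in a VM are hitting grsec resource limits. The regex is derived only from that one log line; the function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Field layout taken from the single grsec line quoted in this thread (assumption:
# other "resource overstep" denials follow the same layout; paths containing '[' won't match).
OVERSTEP = re.compile(
    r"grsec: denied resource overstep by requesting (?P<requested>\d+) "
    r"for (?P<resource>RLIMIT_\w+) against limit (?P<limit>\d+) "
    r"for (?P<exe>[^\[]+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+) gid/egid:(?P<gid>\d+)/(?P<egid>\d+), "
    r"parent (?P<parent_exe>[^\[]+)\[(?P<parent_comm>[^:\]]+):(?P<parent_pid>\d+)\]"
)
INT_FIELDS = ("requested", "limit", "pid", "uid", "euid", "gid", "egid", "parent_pid")

SAMPLE_LINES = [
    # Line 1 is the log line from the thread; lines 2 and 3 are constructed.
    "2024-05-30T16:28:32.741159-07:00 fake-sd-viewer kernel: [ 2150.244406] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/bin/evolution[evolution:5108] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/bash[bash:4328] uid/euid:1000/1000 gid/egid:1000/1000",
    "2024-05-30T16:29:01.000000-07:00 fake-sd-viewer kernel: [ 2178.000000] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/bin/evolution[evolution:5140] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/bash[bash:4328] uid/euid:1000/1000 gid/egid:1000/1000",
    "2024-05-30T16:29:05.000000-07:00 fake-sd-viewer kernel: [ 2182.000000] constructed unrelated kernel message",
]


def parse_overstep(line):
    """Return the denial's fields as a dict, or None if the line is not an overstep denial."""
    match = OVERSTEP.search(line)
    if match is None:
        return None
    event = match.groupdict()
    for key in INT_FIELDS:
        event[key] = int(event[key])
    return event


def summarize(lines):
    """Count denials per (executable, resource) so repeat offenders stand out."""
    counts = Counter()
    for line in lines:
        event = parse_overstep(line)
        if event is not None:
            counts[(event["exe"], event["resource"])] += 1
    return counts


if __name__ == "__main__":
    for (exe, resource), n in summarize(SAMPLE_LINES).most_common():
        print(f"{n} denial(s): {exe} exceeded {resource}")
```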