GnuPG has non-standard option --not-dash-escaped and it enables use of NotDashEscaped header.
In the implementation, g10/armor.c, the header line with NotDashEscaped is ignored, not included for the signature computation.
An attacker can mount this feature to add additional information with this header, so that not-so-careful user could misunderstand the information is covered by the signature.
| rG GnuPG | |||
| rG947ea3c411f0 gpg: Deprecate the option --not-dash-escaped. | |||
| Status | Assigned | Task | ||
|---|---|---|---|---|
| Testing | None | T7900 Cleartext Signature Forgery in GnuPG | ||
| Testing | • werner | T7901 Cleartext Signature Forgery in NotDashEscaped header implementation in GnuPG |
I agree because the original purpose from the 90ies to enable the use of signed patch files in the Linux kernel community was never actually used and GnuPG stopped the distribution of patches from version to version many years ago. Thus I agree we should hide this option behind a compatibility flag.