Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Using Gajim Instead of Pidgin for More Secure OTR Chat

Micah Lee micahflee at
Thu Feb 21 11:15:03 PST 2013

On 02/20/2013 10:42 PM, Gregory Maxwell wrote:
> On Wed, Feb 20, 2013 at 10:27 PM, Micah Lee <micahflee at> wrote:
>> I just wrote a blog post that people here might find interesting about
>> using Gajim, a chat client written in python, and Gajim's OTR plugin, a
>> purely python implementation of the OTR standard, instead of Pidgin and
>> libotr.
> Uh. Writing something in python does not make it magically secure. It
> often trades one set of security issues for another— in higher level
> languages programmers often have no idea what the underlying machine
> is doing, and surprising behavior can easily slip in. E.g. I've seen
> programs python programs that could be triggered to run arbitrary
> commands on the system, for example, because some library they called
> n levels deep passed arguments to an os.system().  The mistakes you
> need to avoid to write secure C code are more easily made but there
> are generally fewer ways to fail.

Of course there's more to security than the choice of language. In my
blog post I point out Gajim's history of security problems, including an
arbitrary code execution bug.

But at least it doesn't depend on libpurple, which people seem to think
of as impossible to completely secure without some huge refactoring,
which no one is doing.

Seeing a working jabber client written in python with a working OTR
plugin is definitely a good thing. Completely removing things like
message sanitation bugs is a lot easier to do and to maintain than
completely removing memory corruption bugs.

> Personally, I run pidgin in a selinux sandbox in a KVM that I use for
> other internet access. I'd like to also run it inside valgrind
> modified to exit on error, but pidgin is thoroughly and depressingly
> valgrind unclean and with all the white-listing required I'm not sure
> how much marginal value that would provide (and Openssl itself for
> that matter, though for stupid reasons).

Sounds inconvenient.

Micah Lee

More information about the liberationtech mailing list