On Mon, Mar 19, 2007 at 02:54:04PM -0700, Brendan Cully wrote:
> >   Saving a message to a new folder should, by default, not expose
> >   messages more broadly than they were exposed before.  Therefore,
> >   mutt should *never* create new folders with rights more lenient
> >   than 0600.
> 
> by *never* I think you mean *never by default* for symmetry with the
> first sentence?

Come on, Brendan, it should be clear that he meant never, period.  If
he had not, he would have included the umask patch in 2000, or 2001,
or 2003, or 2005, or 2006, when users made a big stink about it.

As a system administrator, I can tell you that I've come across more
than a few users who had their e-mail read by people who shouldn't
have, and been sorry that they did not protect their e-mail better
than they did.  Allowing the umask patch is a mistake.  People are too
lazy or just not smart enough to protect themselves.  I saw a guy get
fired over it.  It's bad, bad news.

> > - What's the typical reason for a lenient umask on a multi-user
> >   system?  People collaborating on some project through shared
> >   directories, possibly with local cvs involved.  On such systems,
> >   though, it does indeed make sense to be more paranoid about e-mail
> >   than about other user files.  Another reason to protect e-mail
> >   more tightly than other files the user creates.
> > 
> >   (And yes, I have worked and continue to work on such systems.)
> 
> $umask defaults to 077. It's up to the user to override it. But if the
> user wants to, it's more convenient to do it in mutt than to suspend
> or quit and navigate to the created folder (and its subdirectories if
> it is maildir) to fix up the permissions afterward, IMHO.

find Maildir -exec chmod 644 {} \;

Arguing for lower security in favor of the tiniest increase in
convenience is not a very compelling argument.  As for world-readable
or even group-readable mail folders, you just shouldn't do it.  Sooner
or later, it will probably bite you in the a$$.  Secure by default --
if you really want people to read stuff, it should have to be a
conscious choice (in each case).  Otherwise you may get burned.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.
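The umask arithmetic the thread argues over (077 yields 0600 files and 0700 directories, anything looser exposes mail to group or world), shown as an added shell example that is not from the mutt list or from mutt itself; the maildir it builds under a temporary path is constructed for the demo, and the audit uses only POSIX find so it can be run over a real mail tree.

```shell
#!/bin/sh
# Added example, not code from this thread or from mutt. Builds a maildir-style
# folder (cur/new/tmp) under a chosen umask, then audits the tree for entries
# that grant group or others any permission at all. The paths are constructed.

# Create a maildir under umask $1 at path $2 with one sample message in new/.
# The umask is set in a subshell so the caller's umask is left untouched.
make_maildir() {
    (umask "$1" && mkdir -p "$2/cur" "$2/new" "$2/tmp" && : > "$2/new/msg1")
}

# Print every entry under $1 whose mode grants group or others read, write or
# execute. POSIX find lacks GNU's "-perm /mode", so each bit is tested explicitly.
lenient_entries() {
    find "$1" \( -perm -g+r -o -perm -g+w -o -perm -g+x \
               -o -perm -o+r -o -perm -o+w -o -perm -o+x \) -print
}

# Number of exposed entries; 0 means nothing is readable beyond the owner.
lenient_count() {
    lenient_entries "$1" | wc -l | tr -d ' '
}

# Demo: the 077 default leaves nothing exposed, a 022 umask exposes the folder
# directories (0755) and the message itself (0644).
demo=${TMPDIR:-/tmp}/umask-demo.$$
make_maildir 077 "$demo/strict"
make_maildir 022 "$demo/lenient"
echo "umask 077 exposes $(lenient_count "$demo/strict") entries"
echo "umask 022 exposes $(lenient_count "$demo/lenient") entries"
rm -rf "$demo"
```

Pointing `lenient_entries` at a real `~/Mail` or `~/Maildir` lists exactly the files and directories a fix-up like `chmod 600`/`chmod 700` would need to touch.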
