On Sat, Mar 17, 2007 at 10:12:07AM -0400, Derek Martin wrote:
On Sat, Mar 17, 2007 at 02:50:33PM +0100, Oswald Buddenhagen wrote:
in short, all this stuff is discussing securing the door of a blown-up
house. mutt is just one application. if umask (or the ~/ mode) or PATH
are not set
On Wednesday, 21 March 2007 at 18:37, Oswald Buddenhagen wrote:
On Wed, Mar 21, 2007 at 10:19:06AM -0700, Brendan Cully wrote:
So how about the following strategy for $umask:
1. I back out my patch
2. we save the existing $umask when setting it to 077 in main
3. we temporarily
On 2007-03-19 14:54:04 -0700, Brendan Cully wrote:
- E-Mail systems are typically set up to create inboxes with
rather paranoid security settings (typically 0600);
regardless of what the user's umask is, e-mail privacy is
protected by default.
This makes sense for /var/spool/mail,
On 2007-03-19 14:54:04 -0700, Brendan Cully wrote:
On Saturday, 17 March 2007 at 18:40, Thomas Roessler wrote:
[...]
- E-Mail systems are typically set up to create inboxes with rather
paranoid security settings (typically 0600); regardless of what
the user's umask is, e-mail privacy is
On Tue, Mar 20, 2007 at 08:05:02AM +0100, Nicolas Rachinsky wrote:
* Derek Martin [EMAIL PROTECTED] [2007-03-20 00:07 -0400]:
find Maildir -exec chmod 644 {} \;
find Maildir -exec chmod -vv 644 {} \;
Maildir: 040755 [drwxr-xr-x ] - 040644 [drw-r--r-- ]
find: Maildir/cur: Permission denied
Re: Thomas Roessler 2007-03-20 [EMAIL PROTECTED]
$umask defaults to 077. It's up to the user to override it. But if
the user wants to, it's more convenient to do it in mutt than to
suspend or quit and navigate to the created folder (and its
subdirectories if it is maildir) to fix up the
On Tuesday, 20 March 2007 at 12:39, Vincent Lefevre wrote:
On 2007-03-19 14:54:04 -0700, Brendan Cully wrote:
On Saturday, 17 March 2007 at 18:40, Thomas Roessler wrote:
[...]
- E-Mail systems are typically set up to create inboxes with rather
paranoid security settings (typically
On Saturday, 17 March 2007 at 18:40, Thomas Roessler wrote:
I continue to think that the umask patch should't have been taken
into mutt. However, at this point, the decision is really
Brendan's.
That said, I think there are several questions to consider here:
- E-Mail systems are
On Sat, Mar 17, 2007 at 12:05:49AM -0400, Derek Martin wrote:
[stuff about strict umask and in another thread about hard-coded
paths]
in short, all this stuff is discussing securing the door of a blown-up
house. mutt is just one application. if umask (or the ~/ mode) or PATH
are not set
On Sat, Mar 17, 2007 at 02:50:33PM +0100, Oswald Buddenhagen wrote:
On Sat, Mar 17, 2007 at 12:05:49AM -0400, Derek Martin wrote:
[stuff about strict umask and in another thread about hard-coded
paths]
in short, all this stuff is discussing securing the door of a blown-up
house. mutt is
Derek Martin wrote on 17 Mar 2007 05:05:49 +0100:
How many people reading this thought of the core dump problem I just
mentioned?
Well, if your operating system creates world-readable coredump, you
should report this as a security vulnerabilty, because it is indeed one
(see
Roessler [EMAIL PROTECTED]
On 2007-03-17 00:05:49 -0400, Derek Martin wrote:
From: Derek Martin [EMAIL PROTECTED]
To: Mutt Developers mutt-dev@mutt.org
Date: Sat, 17 Mar 2007 00:05:49 -0400
Subject: Re: [PATCH] Add $umask for mailboxes and attachments
Reply-To: mutt-dev@mutt.org
X-Spam
On Friday, 16 March 2007 at 13:15, Christoph Berg wrote:
Hi, and sorry for the late followup.
Imho there are 3 issues left in the umask handling:
#1: main.c sets umask(077) unconditionally. Should be removed.
#2: Even after fixing #1, the original process umask is not respected
when
On Fri, Mar 16, 2007 at 01:15:10PM +0100, Christoph Berg wrote:
Hi, and sorry for the late followup.
Imho there are 3 issues left in the umask handling:
#1: main.c sets umask(077) unconditionally. Should be removed.
I'm sorry I missed the start of this thread. The umask patch is, IMO,
yet
14 matches
Mail list logo