On Sat, Mar 17, 2007 at 02:50:33PM +0100, Oswald Buddenhagen wrote:
> On Sat, Mar 17, 2007 at 12:05:49AM -0400, Derek Martin wrote:
> > [stuff about strict umask and in another thread about hard-coded
> > paths]
> >
> in short, all this stuff is discussing securing the door of a blown-up
> house. mutt is just one application. if umask (or the ~/ mode) or PATH
> are not set sensibly for *all* apps, you can conceive any number of
> attacks against mutt or the data it produces/processes.

There's no denying such a user is inviting trouble, but your argument
is really a red herring. In this case, it is worth being EXTRA
cautious, because Mutt is BY DESIGN meant to deal primarily with
untrusted data from an outside source.

If a local user is able to read another local user's local documents,
because the victim was too careless or ignorant to protect them with a
sufficient umask or whatever, that's one level of attack, and the risk
is relatively low. Local users are always a threat, and in most cases
it is really hard to secure against their malicious activities. They
have physical access (or at the very least, permitted remote access),
and at least to some degree, they MUST be trusted. But even though
this is true, that is not a good argument AGAINST Mutt helping the
security-ignorant user to protect himself (and whatever organization
he may be working for) from local users.

However, for at least some (and possibly all) of the issues we've been
discussing, not getting these things right elevates the risk
substantially, by potentially exposing data to OUTSIDE entities, who
normally would have no access whatsoever. That's a much bigger
problem, and Mutt (and all programs) should do whatever they can to
prevent it. Not every program a user will use will do a good job...
but that is not a reason for Mutt to fall down.

Security is hard, and there is no such thing as perfect security. Your
sentiment above seems to amount to "It's hopeless anyway, so don't
bother." That's not a very good way to approach the problem. Get right
what you can get right.

-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will
result in undeliverable mail. Sorry for the inconvenience. Thank the
spammers.