
Re: [PATCH] Add $umask for mailboxes and attachments



On 2007-03-19 14:54:04 -0700, Brendan Cully wrote:

- E-Mail systems are typically set up to create inboxes with
  rather paranoid security settings (typically 0600);
  regardless of what the user's umask is, e-mail privacy is
  protected by default.

This makes sense for /var/spool/mail, where the user has no
control over the permissions of the directory. It makes a little
less sense for mailboxes in or below $HOME. New mailboxes _in_
$HOME probably need this. I don't really see why mailboxes in
subfolders would.

Because you don't know who has access to these folders.  In any
event, it's the usual behavior, and that was the point of this
paragraph.

  Saving a message to a new folder should, by default, not expose
  messages more broadly than they were exposed before.  Therefore,
  mutt should *never* create new folders with rights more lenient
  than 0600.

By *never* I think you mean *never by default* for symmetry with the
first sentence?

I mean "never." My point is precisely that umask (077) and not
bothering any more in the MUA takes care of almost all use cases,
and is therefore all we need to do.

$umask defaults to 077. It's up to the user to override it. But if
the user wants to, it's more convenient to do it in mutt than to
suspend or quit and navigate to the created folder (and its
subdirectories if it is maildir) to fix up the permissions
afterward, IMHO.

Yes.

But you have to weigh the downsides of the change against this:

- Code messiness.  (And yes, this is a significant consideration in
  this.)

- Introducing a configuration variable for an operation that doesn't
  call for changing the default, but (possibly) for a case-by-case
  change.

I think that the code messiness alone (together with the old code
taking care of most relevant use cases) would warrant not taking
this patch in.

Regards,
--
Thomas Roessler   <roessler@xxxxxxxxxxxxxxxxxx>
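
The behavior the thread argues over, as an added example that is not part of the original message and not mutt's code: a maildir-style folder is created with the most permissive requested modes, and the process umask alone decides which group/other bits reach the disk. The helper name, the scratch path under /tmp and the folder layout are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not mutt code): create a maildir-style folder while the
 * process umask is `mask`, requesting the most permissive modes (0777 for
 * directories, 0666 for the message file), and return the union of group/other
 * permission bits that actually ended up on disk; -1 on error. */
int exposed_bits_under_umask(mode_t mask)
{
    static const char *parts[] = { "/mbox", "/mbox/cur", "/mbox/new",
                                   "/mbox/tmp", "/mbox/cur/msg" };
    char base[] = "/tmp/umask-demo-XXXXXX"; /* constructed scratch directory */
    char path[128];
    struct stat st;
    int exposed = 0, ok = 1, i;

    if (mkdtemp(base) == NULL)          /* always 0700, shields the demo */
        return -1;
    mode_t saved = umask(mask);
    for (i = 0; i < 5 && ok; i++) {
        snprintf(path, sizeof path, "%s%s", base, parts[i]);
        if (i < 4) {
            ok = mkdir(path, 0777) == 0;
        } else {
            int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
            ok = fd >= 0;
            if (ok) close(fd);
        }
        if (ok && (ok = stat(path, &st) == 0))
            exposed |= st.st_mode & 077; /* keep only group/other bits */
    }
    umask(saved);
    for (i = 4; i >= 0; i--) {          /* remove in reverse creation order */
        snprintf(path, sizeof path, "%s%s", base, parts[i]);
        if (i == 4) unlink(path); else rmdir(path);
    }
    rmdir(base);
    return ok ? exposed : -1;
}

int main(void)
{
    printf("umask 077 -> exposed bits %03o\n", (unsigned)exposed_bits_under_umask(077));
    printf("umask 027 -> exposed bits %03o\n", (unsigned)exposed_bits_under_umask(027));
    printf("umask 022 -> exposed bits %03o\n", (unsigned)exposed_bits_under_umask(022));
    return 0;
}
```

With 077 nothing in the folder, its subdirectories or the message file is reachable by group or other; any looser mask widens every object created under it, subdirectories included.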