Hi Will, On Thu, Mar 22, 2007 at 06:25:27PM -0700, William Yardley wrote: > I think it's reasonable to at the very least make the mode of saved > attachments configurable (whether this comes from a config setting or > the user's umask doesn't matter, though I can see the argument for the > former). The trouble is, if there's a way for the user to configure it, it will be configurable in environments where it really should never be changed... and there will be no way for the system administrator to enforce a safer umask value. If that is your situation, and you care that much about it, you can always edit the source code and make the umask 022. Doing that is far easier than the case where you're a system administrator trying to enforce a sane umask in a multi-user environment, having to rip out all the code that provides this feature. And since few sysadmins have time to be bothered reading mailing lists like this one, if they are not particularly interested in mail clients or mutt specifically, there's a good chance that the first time they'd hear about it is when some user came to them complaining about someone reading their files. Mutt should not ship that way. If people really want this, then at a minimum, I think it needs a configure option to completely remove the feature from the code, and that should be the default. But I really don't see that it's worth all the added complexity. > Mutt is basically only used by very nerdy people That's largely true, but far from completely. I've seen Mutt used as the default mail reader at colleges (where the computing resources were not solely for computer science students and the like), and I've also seen is used by non-technical people in environments where remote access to mail was essentially only available via ssh to the mail server from a bastion host. I've seen it used by people who are perhaps nerdy, but otherwise not especially computer savvy, simply because they deal with a lot of mail and they needed something with Mutt's power. I think there are probably a great many users in one of those categories, even if they are not the majority. I myself, if I'm not mistaken, to this day have *never* used mutt solely on a system where I was the only user who had access to the machine, in roughly 7+ years of using it, in at least 4 different environments. I'm unusually capable of securing my environment, compared to the average user, and yet I would still rather have mutt force a umask of 077 in the event that I screw up. :) I really don't think it makes sense to lower Mutt's security to accomodate people who can't be bothered to type chmod once in a while. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers.
Attachment:
pgp9dQbxbZJpA.pgp
Description: PGP signature