
Re: [PATCH] Remove absolute paths from gpg.rc



On Thu, Mar 22, 2007 at 06:25:27PM -0700, William Yardley wrote:
> On Thu, Mar 22, 2007 at 08:45:20PM -0400, Derek Martin wrote:
> > On Thu, Mar 22, 2007 at 04:34:44PM +0000, Dave wrote:

> This thread is making my head hurt.

Sorry about that ... may I suggest a cup of orange juice?

> I use mutt on a machine with basically no other users, and often wish to
> copy attachments to a web-accessible location in order to view them more
> easily. Doing this means I have to save the attachment, suspend mutt,
> change each file's mode, and then go back into mutt. Now is this the
> most secure thing to do? Maybe not, but it's the most convenient for me.
> I know a lot of other people who do similar things.

You misunderstand.  The fact that you can suspend Mutt, change the permissions,
and then restore Mutt, is just a bug in the current version.  It'll be fixed
soon enough, with a new MD5 of the mode of every file in your system.  If you
try to restore Mutt after mucking with the mode on any sensitive file, Mutt will
attempt to exploit a vulnerability in current kernels to gain superuser
privileges, and bring down the system.  How dare you treat attachments that
people sent you with such disregard for their privacy!?!

> I think it's reasonable to at the very least make the mode of saved
> attachments configurable (whether this comes from a config setting or
> the user's umask doesn't matter, though I can see the argument for the
> former). That allows people to configure mutt to do what they want, but
> still makes it difficult for them to accidentally do so by simply having
> a more permissive umask. I don't see how anyone who configures mutt this
> way and then has a problem can (reasonably) complain that it's mutt's
> fault. Mutt is basically only used by very nerdy people, and the
> software itself takes the philosophy of giving people enough rope to
> hang themselves. I don't see why this should be any different.

You've been terribly misinformed.  Modern UNIX is about programmers carefully
laying little bits of rope in strategic locations, with special attention to
global security, and protection of the RIAA's assets.  You have no right to hang
yourself, and besides, Democracy says you probably don't want to, anyway, so why
bother even making a configuration option for requesting more rope?

> And please, guys... turn down the heat a little.

Eeek!

 - Dave