On 2014-04-25 15:26, Zack Weinberg wrote: > On 04/25/2014 03:15 PM, Ralph Giles wrote: >> On 2014-04-25 11:47 AM, Mike Hoye wrote: >> >>> Because people download executable files with the expectation >>> that they can easily execute them. Agreed Here. I don't expect to have to go change file permissions every time I download a program/update/driver, etc. >> >> I ask because allowing web content to add executable files has >> security risks. URLs don't have unix permissions, but I see on >> Windows anything with a .exe extension ends up executable through >> the current download manager, so any difference would be down to >> how much control the page has over file location. > > AIUI, Windows makes no distinction between "readable" and "executable" > in file permissions. Files are executable if their extension is > recognized, and not otherwise. Windows *can* set a distinction between read and execute, but it is in the advanced options. The basic / standard interface is /Read & Execute/. > > In fact, the download manager doesn't ever make files executable in > Unixy terms, and I'm not sure I would want it to. Perhaps that bit > can be removed. (OS.File still needs to use 0777 instead of 0666 when > asked to do this to a *directory*, but that is a separate issue. That > too may never come up in practice; for instance, I think that if you > click the 'create new directory' button in the 'save file as' dialog > box, it is actually the OS's file-picker implementation that calls > mkdir() and we never get a chance to opine what its permissions should > be...) > > zw
Shouldn't creating a file or directory, simply inherit the permissions from the parent? That is what I would expect (at least on Windows) when saving a file. Why would there be a need to explicitly set the permissions? _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
