On Fri, Jul 31, 2015 at 6:36 PM, Daniel Shahaf <d...@daniel.shahaf.name> wrote:
>...
> Two questions:
>
> - When one side of the diff is in the OS filesystem, do we still fold
>   its value to 644/755 for output?
>
> - If yes, how do we choose between 644 and 755?  (e.g., do we use
>   "x & 0111 == 0111", or "x & 0100 == 0100", or access(X_OK), or …)
>
> My answer to the first question is "yes", as discussed above.
>

Whatever the answer, I don't think the client should _ever_ set group/world *write* [directed by the "server"]. Maybe not execute, too. That just screams for creating a point of abuse.

(maybe umask applies, but I'd prefer to ignore that; we're getting perm bits from (potentially) an untrusted server)

Cheers,
-g
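The folding discussed in this message, as an added example that is not part of the original mail and not Subversion code: it compares two of the quoted candidate rules on constructed modes and shows that a fixed 644/755 result cannot carry group/world write or setuid/setgid/sticky bits from an untrusted source. The names `fold_mode`, `exec_all`, `exec_owner`, `mode_is_safe` and the `allow_exec` switch are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>

/* Two of the candidate "is it executable?" rules quoted in the thread.
 * Parentheses matter in C: == binds tighter than &. */
static int exec_all(mode_t m)   { return (m & 0111) == 0111; } /* u, g and o all have x */
static int exec_owner(mode_t m) { return (m & 0100) == 0100; } /* owner x only */
/* access(X_OK), the third option, depends on the calling user and needs
 * a real path, so it is not modelled here. */

/* Fold an untrusted mode to one of two fixed values. Only the yes/no
 * answer of the rule survives; group/world write, setuid, setgid and
 * sticky bits in the input can never reach the result.
 * allow_exec = 0 models the stricter "maybe not execute, too" policy. */
static mode_t fold_mode(mode_t untrusted, int (*is_exec)(mode_t), int allow_exec)
{
    return (allow_exec && is_exec(untrusted)) ? 0755 : 0644;
}

/* Invariant a client can check before chmod(): nothing beyond rwxr-xr-x. */
static int mode_is_safe(mode_t m)
{
    return (m & ~(mode_t)0755) == 0;
}

int main(void)
{
    /* Constructed sample modes, as if received from a server. */
    static const mode_t samples[] = { 0644, 0666, 0744, 0755, 0777, 04755, 02775, 0011 };
    size_t i;

    printf("%-6s %-6s %-8s %-8s\n", "input", "all-x", "owner-x", "no-exec");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        mode_t in = samples[i];
        printf("%04o   %04o   %04o     %04o\n",
               (unsigned)in,
               (unsigned)fold_mode(in, exec_all, 1),
               (unsigned)fold_mode(in, exec_owner, 1),
               (unsigned)fold_mode(in, exec_owner, 0));
    }
    return 0;
}
```

The two rules disagree on inputs such as 0744, where only the owner has execute; whichever rule is chosen, the output stays within 0755.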