On Fri, Aug 07, 2020 at 02:31:01PM +0200, Steffen Nurpmeso wrote:
> Derek Martin wrote in
> <20200806234050.gb8...@bladeshadow.org>:
> |On Fri, Aug 07, 2020 at 12:56:34AM +0200, Vincent Lefevre wrote:
> |> On 2020-08-06 10:50:23 -0500, Derek Martin wrote:
> |>> On Wed, Jul 29, 2020 at 12:55:07PM -0500, Derek Martin wrote:
> |>>> On Tue, Jul 28, 2020 at 08:03:23PM +0200, sacham...@s0c4.net wrote:
> |>>>> The thread, and even older threads referenced there, is from 2007.
> |>>>> Since then, the security field has evolved - now we have SeLinux,
> |>>>> Apparmor and other techniques which are capable of providing even
> |>>>> better security than umask(077)
> |>>>
> |>>> None of those changes affect this issue in any meaningful way.
> |>>> SELinux predates that thread by at least two years (longer, though it
> |>>> was not generally available to the public until ~2005). The arguments
> |>>> made in those threads still stand, and I will not repeat them here.
> |>>
> |>> And FWIW, here's a more precise and detailed description I posted MUCH
> |>> more recently than 2007, which explains why this is a bad idea.
> |>> Everything here remains true, regardless of any evolution you think
> |>> has happened in the security world.
> |>>
> |>> https://www.mail-archive.com/mutt-users@mutt.org/msg49810.html
> ...
> |Are you serious, Vincent? I'm pretty sure you well know that this is
> |a horrible idea, clearly contrary to best security practices, that no
> ...
> |> On such a system using umask (007) for secondary ids seems logical
> |> and safe.
> |
> |No, it doesn't. Even if someone were to run Mutt on such a horribly
> |mismanaged system, its system security is generally suspect, so it is
> |even more important for Mutt to make sure the files are never saved
> |readable by anyone other than the user who created them. Regardless,
> |Mutt should stick to its guns concerning maintaining the security of
> |its users' files.
> |
> |And remember, what we're trading here is the, what, 3 seconds it takes
> |for the user to type "chmod 644 *" (or similar) if they really want to
> |do this. It's a small price to pay for the best insurance available
> |that no one is ever able to read your sensitive mail attachments
> |without you explicitly taking action to allow them to. You'll never
> |be able to blame Mutt for this.
>
> I take that bait. As an outsider I nonetheless think this is very
> much of an over-reaction. Users have an umask, and they usually
> have it for a reason.

You obviously didn't read the post. It explains why the umask for mail
clients should not be treated the same as for everything else the user
does.

> I do not really see a security threat,

And that is the problem. But this also is explained in the post.

-- 
Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in
undeliverable mail due to spam prevention. Sorry for the inconvenience.