From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id 73E366DE0207 for ; Thu, 8 Feb 2018 17:58:44 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.011 X-Spam-Level: X-Spam-Status: No, score=-0.011 tagged_above=-999 required=5 tests=[SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q47lO7EJ9Sg1 for ; Thu, 8 Feb 2018 17:58:42 -0800 (PST) X-Greylist: delayed 352 seconds by postgrey-1.36 at arlo; Thu, 08 Feb 2018 17:58:42 PST Received: from istari.evenmere.org (istari.evenmere.org [136.248.125.194]) by arlo.cworth.org (Postfix) with ESMTP id 804D66DE004D for ; Thu, 8 Feb 2018 17:58:42 -0800 (PST) Received: by istari.evenmere.org (Postfix, from userid 113) id CD2D71E0062; Thu, 8 Feb 2018 20:52:47 -0500 (EST) Received: from [172.30.19.236] (unknown [72.246.0.14]) by istari.evenmere.org (Postfix) with ESMTPSA id B25B01E0062; Thu, 8 Feb 2018 20:52:45 -0500 (EST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (1.0) Subject: Re: [PATCH v2] cli/insert: new message file can be world-readable (rely on umask) From: Brian Sniffen X-Mailer: iPhone Mail (15E5167f) In-Reply-To: <87k1vnuehz.fsf@fifthhorseman.net> Date: Thu, 8 Feb 2018 20:52:41 -0500 Cc: Notmuch Mail Content-Transfer-Encoding: quoted-printable Message-Id: References: <20180205225920.GL1824@hili.localdomain> <20180206194356.28438-1-dkg@fifthhorseman.net> <87k1vnuehz.fsf@fifthhorseman.net> To: Daniel Kahn Gillmor X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Feb 2018 01:58:44 -0000 If there=E2=80=99s a hidden danger in these modes, better to leave the switc= h requiring octal tunes! --=20 Brian Sniffen > On Feb 8, 2018, at 8:40 PM, Daniel Kahn Gillmor wr= ote: >=20 >> On Tue 2018-02-06 14:43:56 -0500, Daniel Kahn Gillmor wrote: >> There are legitimate cases (public archives) where a user might >> actually want their archive to be readable to the world. >>=20 >> "notmuch insert" historically used mode 0600 (unreadable by group or >> other), but that choice doesn't appear to have been specifically >> justified (perhaps an abundance of caution?). >>=20 >> This patch also adjusts the default mode used for --create-folder, to >> be mode 0755 before the application of the umask. >>=20 >> If the user wants "notmuch insert" to create files or folders that are >> not readable by group or other, they can set their umask more >> restrictively. >=20 > I'm now having second thoughts about this. >=20 > postfix's local delivery agent has apparently been delivering with mode > 0600 for nearly 20 years: >=20 > https://github.com/vdukhovni/postfix/blame/master/postfix/src/local/mai= ldir.c#L188 >=20 > And dovecot's lda defaults to 0600 on delivery: >=20 > https://sources.debian.org/src/dovecot/1:2.2.33.2-1/src/lib-storage/mai= l-storage.c/?hl=3D2591#L2591 >=20 > So maybe there's something i don't know about why a delivery agent would > want to have this restrictive mask? >=20 > Perhaps a better way to fix this is with a new option to notmuch insert. >=20 > on IRC, bremner suggests something flexible like --mode=3D0600 >=20 > I'm more inclined to keep it simpler and more usable (most people don't > know octal, let alone unix permissions bits) and just have a boolean > --world-readable which defaults to false (and switches between modes > 0600 and 0644 for files, and 0700 and 0755 for directories). >=20 > Any thoughts? >=20 > --dkg > _______________________________________________ > notmuch mailing list > notmuch@notmuchmail.org > https://notmuchmail.org/mailman/listinfo/notmuch