Bugtraq mailing list archives

Re: J-Pilot Permissions Vulnerability


From: Robert Bihlmeyer <robbe () ORCUS PRIV AT>
Date: Tue, 19 Dec 2000 12:25:59 +0100

Judd Montgomery <judd () ENGINEER COM> writes:

> J-Pilot has always used the preset umask when creating directories and
> files, therefore I have never considered this to be a security risk.  It
> is up to the system administrator or the user to set the umask to
> his/her liking.

I think the umask concept is lacking here. I need at least two general
levels of modes: I'm perfectly happy with other users reading
(executing) my shell scripts, source code, etc. - so I generally leave
the umask somewhere near 022.

OTOH, there's definitely data that I would like to keep private from
everybody, or everybody outside my group: private notes, financial
data, my mail, bookmarks, and so on.

The only way one can reach this goal with umask is with wrapper
scripts (for example, gnucash could be wrapped by "(umask 077;
gnucash.real)"). For notes, I'd have to have two instances of Emacs
(public and private) running. Messy.

The alternative is to give more responsibility to applications. I
think a good approximation for J-Pilot would be to OR the umask with
044, iff there are any private records present. Other apps that
sometimes save private information could perhaps support a "private
mode" (i.e. an editor could offer a command to later save a buffer
with private umask).

Of course, ALL apps should preserve the mode of existing files unless
told otherwise ...

--
Robbe
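
Added example (not part of the original post, and not J-Pilot's code): the two rules the message proposes, in C, namely OR-ing the umask with 044 when private records are present and preserving the mode of an existing file. The names effective_umask, read_umask and save_records are hypothetical, and saving through a temporary file plus rename is an assumption about how the application writes its data.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Rule proposed in the post: OR the umask with 044 if private records exist. */
mode_t effective_umask(mode_t current, int has_private)
{
    return has_private ? (current | 044) : current;
}

/* umask(2) can only be read by setting it, so set and restore. */
mode_t read_umask(void)
{
    mode_t m = umask(0);
    umask(m);
    return m;
}

/* Hypothetical save routine (not J-Pilot's): write via temp file + rename.
 * Returns the permission bits given to the file, or (mode_t)-1 on error. */
mode_t save_records(const char *path, const char *data, int has_private)
{
    char tmp[1024];
    struct stat st;
    size_t len = strlen(data);
    mode_t mode;
    int fd, ok;
    if (stat(path, &st) == 0)
        mode = st.st_mode & 0777;  /* existing file: preserve its mode */
    else
        mode = 0666 & ~effective_umask(read_umask(), has_private);

    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp)
        return (mode_t)-1;
    fd = mkstemp(tmp);             /* created 0600: never readable mid-write */
    if (fd < 0)
        return (mode_t)-1;
    ok = write(fd, data, len) == (ssize_t)len && fchmod(fd, mode) == 0;
    if (close(fd) != 0)
        ok = 0;
    if (!ok || rename(tmp, path) != 0) {
        unlink(tmp);
        return (mode_t)-1;
    }
    return mode;
}
```

With a umask of 022, a new file holding private records ends up 0600 and one without them 0644; a file the user has already set to 0640 stays 0640 across saves.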
