Re: Bug#3189: nvi over-cautious about .exrc?
> On Tue, 4 Jun 1996, Ian Jackson wrote:
> >It is not the business of programs to check the permissions of the
> >dotfiles in users' home directories.
> I agree. I chased my tail for quite a while some time back because of
> what I recall as procmail's concern over the permissions on my .forward
> file. It didn't complain, it just didn't work as I expected from reading
> the docs.
But for a large system with many users (of varying levels of clue) it
is very beneficial for the SysAdmin that a user can't accidentally create
a writeable .forward file. With a large enough system, a hacker could
just look for a writeable .forward and, statistically, be fairly sure to
I think /some/ apps need to check permissions to prevent inevitable security
holes from popping up. Ideally, those permission requirements should be
1. minimal - i.e. "no write access for group/other on .forward"
2. well documented
This may not be important for nvi, though I think it is, but it is clear
to me that it *is* the business of some programs to check permissions.
Not all Debian users will be as smart as Debian installers/admins.