Re: Bug#3189: nvi over-cautious about .exrc?
- To: email@example.com
- Subject: Re: Bug#3189: nvi over-cautious about .exrc?
- From: Oliver Oberdorf <firstname.lastname@example.org>
- Date: Tue, 04 Jun 1996 08:30:10 -0400
- Message-id: <199606041232.IAA23963@head-cfa>
- In-reply-to: Your message of "Mon, 03 Jun 1996 22:42:15 PDT." <Pine.SUN.3.93.960603223823.17268B-100000@bb29c>
> On Tue, 4 Jun 1996, Ian Jackson wrote:
> >It is not the business of programs to check the permissions of the
> >dotfiles in users' home directories.
> I agree. I chased my tail for quite a while some time back because of
> what I recall as procmail's concern over the permissions on my .forward
> file. It didn't complain, it just didn't work as I expected from reading
> the docs.
But for a large system with many users (of varying levels of clue) it
is very beneficial for the SysAdmin that a user can't accidentally create
a writeable .forward file. With a large enough system, a hacker could
just look for a writeable .forward and, statistically, be fairly sure to
I think /some/ apps need to check permissions to prevent inevitable security
holes from popping up. Ideally, those permission requirements should be
1. minimal - i.e. "no write access for group/other on .forward"
2. well documented
This may not be important for nvi, though I think it is, but it is clear
to me that it *is* the business of some programs to check permissions.
Not all Debian users will be as smart as Debian installers/admins.