[Evolution] Bug#526409: Bug#526409: evolution: permissions on mailbox folders are set wrong

Tim Connors tim.w.connors at gmail.com
Mon May 4 07:35:27 UTC 2009


On Mon, 4 May 2009, Yves-Alexis Perez wrote:

> On ven, 2009-05-01 at 11:25 +1000, Tim Connors wrote:
> > Package: evolution
> > Version: 2.24.5-3
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> >
> > tconnors@denman:~$ l /home/maree/.evolution/mail/local/Sent
> > -rw-r--r-- 1 maree maree 118474734 2009-05-01 08:16 /home/maree/.evolution/mail/local/Sent
> >
> > Hmmm.  Would it be a good idea to set ~/.evolution to 700 perhaps?  Or
> > just adopt a restrictive umask for the whole of evolution (mail being
> > a rather more sensitive application than most)?
> >
> > Many site policies are for home directories to be world or group
> > readable, and trusting users not to be stupid with their permissions.
> > Unfortunately this breaks down when the applications themselves are
> > stupid.
> >
> > This affects upstream as well, as verified by several installations of
> > deadrat and the like installed over many years at work.
>
> Are you saying that if you change .evolution permissions to 700, they
> are set back to 744 after evolution runs? Because they aren't here.
>
> If you say that evolution should create folder/files with more
> restrictive defaults, I disagree.

Yes, I'm saying they should be created with more restrictive defaults.

> evolution should just use what the
> current umask is. If you want it to another value, just set it in your
> environment before running evolution (isn't that the purpose of umask
> anyway?). Multi-user systems running evolution aren't that frequent, I
> guess (multi-user systems aren't that frequent anyway, these days) and
> you can adjust the permissions for your ~ and .evolution in a lot of
> different ways. No need to add complexity to that huge stack of code.

Family machines?  (eg, the machine I found this bug on.  I myself wouldn't
use evolution or indeed desktop environments if I was forced at gunpoint,
but that's what mum uses.  In desktop environments, good luck setting a
sensible umask.)

What kind of complexity is

#include <sys/stat.h>

int main(...) {
   umask(0077);   /* the mask lists the bits to clear: 0077 removes group/other access */
   ...
}
?

Since mail (and web browser profiles - I believe firefox does this, and
opera certainly does) is about the only thing of this kind of sensitivity,
it should explicitly set mail permissions.

More sensible MTAs like alpine and mutt do this (indeed, alpine warns you
if you have silly permissions).

-- 
TimC
Dijkstra probably hates me
(Linus Torvalds, on gotos in kernel/sched.c)
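
Added example (not part of the original message and not Evolution's code): how the process umask decides the mode of a newly created mailbox file, plus the owner-only check a mail client could warn on. The function names, the scratch directory and the "Sent" file are constructed for illustration.

```c
#define _XOPEN_SOURCE 700              /* for mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if group or others have any access to path (the condition a mail
 * client could warn about), 0 if owner-only, -1 on error. */
static int exposed_to_others(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (st.st_mode & 0077) != 0 : -1;
}

/* Create a constructed "Sent" mailbox in a scratch directory, requesting
 * mode 0666 as applications usually do, with the given umask in effect.
 * Returns the resulting permission bits (or -1) and reports exposure. */
static int mailbox_mode_under(mode_t mask, int *exposed)
{
    char dir[] = "/tmp/umask-demo-XXXXXX", path[64];
    struct stat st;
    int fd, mode = -1;
    mode_t old;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/Sent", dir);
    old = umask(mask);                 /* mask = permission bits to clear */
    fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0666);
    umask(old);                        /* restore the caller's umask */
    if (fd >= 0) {
        if (fstat(fd, &st) == 0)
            mode = (int)(st.st_mode & 0777);
        close(fd);
        *exposed = exposed_to_others(path);
        unlink(path);
    }
    rmdir(dir);
    return mode;
}

int main(void)
{
    mode_t masks[] = { 0022, 0077, 0700 };   /* common default, owner-only, inverted */
    for (int i = 0; i < 3; i++) {
        int exposed = -1;
        int mode = mailbox_mode_under(masks[i], &exposed);
        printf("umask %04o -> mode %04o, exposed=%d\n",
               (unsigned)masks[i], (unsigned)mode, exposed);
    }
    return 0;
}
```

The third case shows why the argument order of the octal digits matters: a mask of 0700 clears the owner's bits and leaves the file open to group and others.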




