Re: {FILENAME} [Pan-users] Re: Save attachment file permissions

Tue, 17 Feb 2009 08:03:03 -0800 

Dear Duncan,
After finding the group and then the thread, then confirming the right post, I downloaded (to cache, my default download action) it, then when it was all in cache, hit save, and selected save both text and attachments, since I wanted to investigate what on the raw message contains if the attachment should prove to save with the executable bit set while other messages don't. 

Resulting permissions on the executable:

0750 -rwxr-x---


OK, the permissions honor umask (0027), but the executable bit is set if 
allowed.  Hmm...



That agrees with what I saw, but I have umask = 022 hence chmod=755 in 
my case.



But we still don't know whether it's pan itself, or simply something in 
gtk that pan doesn't overrule (what I expect, I still see no reason for 
pan to manage permissions itself, but if GTK is doing it by default... or 
it could be another library), or perhaps something in the desktop 
environment (KDE) or something else not yet known.


Meanwhile, taking a look at the raw message...



I posted earlier (seems to never have arrived) that looking at the 
non-decoded yEnc message (e.g. Thunderbird) there is a line with "begin 
755 something.avi.exe" so I suspect that the yEnc decoder might be 
honouring (foolishly) such a mask.



I have no idea if Pan relies on its own code to write the decoded 
attachment, or if that is handled by some yEnc decoding library. Any 
ideas folks?



Interesting, headers indicate Giganews as the originating news server, 
and they don't seem to be forged since the path indicates a direct 
giganews > highwinds-media (my ISP's outsourced news provider) handoff... 
unless it's from highwinds-media itself, which would need more 
verification to know for sure, but it looks authentic.  I wonder if 
anyone's notified ab...@giganews yet?  They're pretty good nettizens and 
as such will probably yank his account, whoever it was.


I suspect there are quite a few of such malicious posts.


My reason for being curious in the first place was my search for a good 
system (newsreader included) that would not open up virus holes for 
friends & family, hence my trials of Ubuntu and Pan, etc.


Being a touch paranoid, I tested what happens and here we are!

Regards,
Paul



_______________________________________________
Pan-users mailing list
Pan-users@nongnu.org
http://lists.nongnu.org/mailman/listinfo/pan-users






















					Reply via email to