Re: [vile] vile-9.7q.patch.gz

[Paul van Tilburg]

On Wed, May 27, 2009 at 06:10:18AM -0400, Thomas Dickey wrote:
> On Wed, 27 May 2009, Thomas Dickey wrote:
>> On Wed, 27 May 2009, Paul van Tilburg wrote:
>>> Yes, the problem is that I can set popup-msgs in my .vilerc, but it
>>> is never reached because it's mode 664 and therefore ignored.
>>> So we seem to have a cyclic issue here.
>>
>> I see.  Is there a good reason for making dot-files 0664?  (I don't do 
>> that of course; I do recall some pre-configured accounts setting umask 
>> of 002, though it's easy to find opinions against that).

Yes, well.  It seems my shell sets umask 002 if the system has
user privacy groups, as is the default on Debian system at least.
While I am member of some user groups so I can manipulate their data,
this may be specific cases.  I have no problem with 002, I sometimes
perceive apps that complain it to be a bit too strict, but I can't
think of these opinions against that at the moment.  (IMO if ppl can
level themselves to my GID, they probably can to me UID too.)

> I could make popup-msgs turn on by default if $HOME/.vilerc is insecure.
> Is that a reasonable compromise?

Yes, that would break the cycle.  Regardless the discussion whether
umask 002 is bad and mode 644 config files are a good thing, I think
it would be nice in general if vile warns if it cannot read the user's
config for any reason.

Kind regards,
Paul

P.S. I'm not really looking forward to chmod'ing all my .vile* stuff
 on dozens of machines, but OK. :)

-- 
PhD Student @ Eindhoven                     | email: address@hidden
University of Technology, The Netherlands   | JID: address@hidden
>>> Using the Power of Debian GNU/Linux <<< | GnuPG key ID: 0x50064181