Saving attachments in KMail

fweng

Beginner

Posts: 19

Location: Taiwan

Occupation: Software engineer

1

Monday, July 31st 2006, 10:06am

Hi, forum.

When saving attachments in KMail, it always saved files with permission 0600.
Sometimes it is not convenient.

Someone reported this to bugs.kde.org 2 years ago, but it seemed that nobody thought it a (need-to-solve) problem.

I sent a patch to bugs.kde.org. I added some checkbox in the configuration page, letting users choose if they want to save attachments as user/group/other read/writable, and it worked. (But the interface is ... hmm... quite stupid.)

Hope that some kmail developers can take a look at it, and give me some suggestions if necessary. I also hope that this feature can be accepted as soon as possible.

This post has been edited 1 times, last edit by "fweng" (Jul 31st 2006, 10:07am)

Go to the top of the page

Rinse

Professional

Posts: 797

2

Monday, July 31st 2006, 11:35pm

I think that it is considered a security problem.

If you want to make files accessible for other users, you could create a seperate directory or partition and make the permissions in that directory persistent using umask or the sticky bit of the directory permission.

Regards, Rinse

Help mee om KDE 3.5.5 in het Nederlands te vertalen

Go to the top of the page

fweng

Beginner

Posts: 19

Location: Taiwan

Occupation: Software engineer

3

Tuesday, August 1st 2006, 2:54am

Hi, thanks for your reply.

I agreed with you about the security issue.

However, I think it can be (and should be) decided by users. Developers do not need to decide it for users, right?

Just like HTML-messages-view problem. It has a security concern to view HTML messages directly. However, if users insist viewing HTML messages directly, you have to let them go. Don't you?

So, I think that it would be better to remind users of security problems, and let them decide.

Go to the top of the page

Rinse

Professional

Posts: 797

4

Tuesday, August 1st 2006, 8:37am

Quoted

Originally posted by fweng
However, I think it can be (and should be) decided by users. Developers do not need to decide it for users, right?

Well actually, developers always decide for the user

Quoted

Just like HTML-messages-view problem. It has a security concern to view HTML messages directly. However, if users insist viewing HTML messages directly, you have to let them go. Don't you?

html viewing was implemented on popular demand, html messages are very common these days, so not implementing it would have kept kmail too far behind.
But they did not just implement HTML in kmail, they also made sure that stuf like java, javascript, flash, background images, etc were not possible, and put in some precautions that inform the user that he/she is viewing a html-message.

Quoted

So, I think that it would be better to remind users of security problems, and let them decide.

Well, that's what MS did with Outlook Express, and look what happend :rolleyes:

But in what situation is saving files with 600 as permissions not convinient?
In Linux, that's the default permission setting for your home directory.

Help mee om KDE 3.5.5 in het Nederlands te vertalen

Go to the top of the page

fweng

Beginner

Posts: 19

Location: Taiwan

Occupation: Software engineer

5

Tuesday, August 1st 2006, 9:09am

Quoted

Originally posted by Rinse
But in what situation is saving files with 600 as permissions not convinient?
In Linux, that's the default permission setting for your home directory.

Well, for example in my case, Mr. A mailed his applications to me and I had to save them to a position, where Mr. B would sync with it some time later. Right now I have to change the permissions of saved files so that Mr. B could be able to sync (copy) to his machine.

Yes, it can be solved using directory sticky bit, (actually I forgot about this feature

), or using a partition with umask set. For those who know how to set directory's sticky bit or who are able to make a partition with umask set, it is not a problem. But what if they know nothing about this way, or they are not able to do that?

Regards,
fweng