There are valid reasons for sockets to have those permissions. Just calling you on the falsehood you were presenting. I suppose its my fault for believe you were claiming Ubuntu had some fancy magic in /tmp to keep file permissions set to mode 600 when actually all you were claiming is that one particular shell tool creates mode 600 files in /tmp It also has world-readable files in /tmp. I just went to check a friend’s Ubuntu system. It depends on what tool creates the tmp file, doesn’t it? Did you think mktemp is the only tmpfile tool in the world? Here I thought you were claiming Ubuntu made all /tmp files mode 600. rw-rw-r– 1 jbriggs jbriggs 23567 Aug 6 15:15 j2Īs you can see, some files are 600, others are not. Srwxrwxr-x 1 jbriggs jbriggs 0 Jun 15 09:58 gnome-system-monitor.jbriggs.2299393145 rw-rw-r– 1 erempillo erempillo 4199 Aug 7 00:17 erempillo.cvsactiveCollabCacheĭrwx- 2 jbriggs jbriggs 4096 Aug 6 15:42 gconfd-jbriggs rw-rw-r– 1 cblaise cblaise 13685 Aug 7 09:56 cblaise.cvsactiveCollabCache Srwxrwxr-x 1 btiemessen btiemessen 0 catsock Then you are a moron, an idiot, an impolite person, and other bad names. And yes, barring that, I am calling you a liar. Please point me to a version of Fedora that acts as you claim. And there are no files in /tmp which have read permission for ‘other’. mktemp always creates files with mode 600. I just spot checked RHEL4 (based on Fedora Core 3) and Fedora 8. Ubuntu/Debian is probably the only Linux distro that does chmod 600 tmp file creation. Perhaps someone with MacOSX would like to run:Īnd report their results. That Apple can’t get this right is disgraceful, and rightly should make us wonder what other elementary blunders they are making elsewhere. I’ve just spot-checked my /tmp tree and there are no files with read or write permission for ‘other’. I just ran /bin/mktemp and it properly created a file in /tmp with 600 permissions. On my Ubuntu box my umask is the standard 0022. It’s hard to think of a time that a tmp file should be world readable.Ī temporary pipe or socket, perhaps, in some specific cases. I think that the actual problem here is the “If security is a concern” part. I would modify that to just “tmp files should not be created with the default umask but should be created with the most restrictive permissions possible”.
If security is a concern, tmp files should not be created with the default umask but should be created with the most restrictive permissions possible unless explicitly specified otherwise.
Maybe I’ll give Thunderbird a try when they finally release a more native-interface release version like Firefox 3 is.ĭoesn’t matter. If I was *really* concerned about security I’d also dump Mail.app in favor of Thunderbird or better yet Mutt or the like, but Mail.app is such a good mail program to use in Leopard that I can’t bear to be without it’s usability.
#Thunderbird mac os 10.5.8 update#
I also run a program that scans versiontracker to see if my programs are up to date, as well of course as regularly running Apple Update for important things like Quicktime, Safari (even if you don’t use Safari, quite a few other programs do! The situation’s not as crazy as IE on Windows, but a lot of programs do use WebKit to display HTML and the like as well as the Dashboard, etc…) and the OS updates. (Which does more than just selectively filter javascript domains.) What I do is harden my system as much as possible, by running an ipfw firewall (you can use a graphical front end to it like NoobProof or Waterroof) and little snitch, and using Firefox with the NoScript plug-in rather than Safari. Even on Windows, signature-based virus scanning is not very effective anymore even where viruses are a threat. I don’t actually run an antivirus, viruses per-se aren’t the main malware vector for Macs and they take up a lot of resources. By now, the Mac OS has a large enough market share to be vulnerable. When I used BeOS, I had “security through obscurity” because the common “teenager hacking software” doesn’t understand BeOS.
#Thunderbird mac os 10.5.8 install#
I’m the only one who’s touching my own MacBook but just to be safe I did install iAntiVirus and MacScan.
0 kommentar(er)
