[Pan-users] Re: Save attachment file permissions

[Duncan]

walt <address@hidden> posted
address@hidden, excerpted below, on  Sun, 22 Feb 2009 00:06:50
+0000:

> On Thu, 19 Feb 2009 23:35:32 +0000, Duncan wrote:
> 
>> The thing is, however, that UUE includes the file permission field, and
>> even Windows apps will need to put /something/ there.  My question
>> would be what gravity puts there, and where it gets it (some config
>> option, a default, asks each time, looks to see if it's an exe and adds
>> exe perms, what?)...
> 
> I couldn't resist that challenge, so I installed the latest Gravity beta
> on a virtual XP machine (so I can revert any bad decisions with the
> click of a virtual button) and I can say with absolute conviction that
> my results were ambiguous :o)
> 
> Take a look at gmane.test to see for yourself.

Actually, they make perfect sense to me.  No ambiguousness. =:^)

BTW, how did you check the posted perms?  Saving the raw message text and 
opening that file to see what Gravity actually sent in the permissions 
field (what I just did), or just saving the file using pan to see how it 
saved it (not necessarily accurate if you're testing Gravity, not pan, 
and not the interaction of the two)?

> I created an empty linux file named uuencode (a confusing choice of
> names)

Yes, confusing indeed!  I didn't realize /how/ confusing until I went 
over to .test and looked at your tests myself.

> did a chmod +x on it, and posted it *twice* using Gravity.  The
> first time using *mime* encoding, and the second time with uuencode. 

I take it the MIME encoding is the one you were confused about.  It's 
simple, really.  MIME doesn't have a Unix permissions field at all, so 
whatever gets saved when the attachment is saved, is the receiver-side 
default, which with pan happens to be 644 if I groked the uulib code 
correctly.

Only UUE and yEnc have a Unix permissions field for the sender to fill in.

> (Gravity makes it trivial to pick which one you want.)  (I used samba to
> make the linux file accessible to the virtual XP machine.)  (This is my
> record for the most parenthetical comments in one paragraph.)

And I thought I was bad with parentheticals. =;^)

But, your mention of SAMBA jarred my thinking.  If I'm not mistaken (and 
maybe I am as I've never used SAMBA), Windows won't see Unix file 
permissions no matter what serves up the file.  It's just not designed to 
work that way.  Let me ask you this.  Using Explorer to browse the SAMBA 
shares, do the files show up with the appropriate permissions?  Are they 
actually honored?  (The best way I can think of to test that with the exe 
bit would be to take a Windows executable and make a second copy, 
different name, in the same directory.  Then set the executable bit on 
one, and clear it on the other.  Now in Windows, will Windows execute 
just the one with the executable bit, both, or neither, or is it totally 
contrary and will only execute the one /without/ the executable bit?)  
I'd suppose not.

If the above is correct and Windows doesn't see (or sees, but ignores) 
the permissions, then you could permission bitflip all day and it 
wouldn't make a bit of difference to Gravity, because it's using the 
standard Windows API to access the files, so couldn't know anything more 
about them than the standard Windows API shows it.

> Anyway, it took me a while to figure out that Gravity won't post an
> empty attachment, so I did it again with a small text file that I did a
> chmod +x on before posting.

OK, that makes sense, except that as I said, I doubt the chmod did a 
thing in terms of what Gravity did.

> I still found the result confusing, so just now I posted a file that I
> named '705.txt' because I gave it 705 permissions -- a pretty unlikely
> set of perms.

OK, that's smart thinking... except as I said, I seriously doubt Gravity 
cares at all what the perms were, as long as it could read the file and 
therefore post it.

> I find that Gravity still posted it with 755 perms, so I think the
> question is answered:  it uses 755 by default and ignores any real *ix
> perms.

Yes, that pretty well answers the question.  So whoever it was that 
posted that trojan didn't have to hack anything to get it to post the 755 
perms.

> As an aside, I found Gravity to remain based in the stone ages of Win9x:
> it still installs its data/config files (like ~/.pan2) in its own binary
> installation directory (C:\Program Files\Gravity\) which is a sad
> commentary on the whole Windows paradigm considering that Gravity is
> still actively maintained on sourceforge.net :o(
> 
> Seems like we're making little progress in the M$ world...

Which raises a good question, at least here.  Since with eXPrivacy MS 
passed a line I would not and could not pass, thus actually pushing me to 
Linux (which I had been thinking about and agreed with intellectually 
previous to that, but after nearly a decade on MS and as an MS power user 
and "advanced beginner to intermediate level" programmer, I'm honestly 
not sure I'd have ever made the jump if MS hadn't pushed me by crossing 
that line I couldn't follow it passed), Windows 98 is actually the last 
MS I was familiar with.  Thus, I really haven't the foggiest what MS 
"best practice" might be in this or pretty much any other regard, today.  
Do normal MS programs still store their data files in the program files 
dir (assuming the registry isn't enough for them), or do they store them 
elsewhere, and if so, where?  Yes, Gravity appears to still be using the 
W98 paradigm, but is that still MS "best practice" in that regard, or has 
MS changed and Gravity stood still?  Does MS normally require admin 
permissions to write to the system Program Files dir and individual 
program subdirs?  Does Gravity at least use user-specific files in that 
dir, or would multiple users' data all be in the same common 
configuration?

You know, it has been /years/ since I thought about that sort of thing!  
I now just take for granted that there's a system general config, and 
that any user files will be written to files or better a subdir in an 
individual user's home.  Even considering anything else... is like I just 
stepped into a time machine and went back a decade.  (Is that /all/ it 
was?  /Only less than a decade ago?  WOW!)

But really, we were discussing anti-virus somewhere a few days ago too, 
and the notion of having to scan everything just seems so... quaint... 
now.  As does the whole EULA thing.  You mean programmers actually expect 
people to agree to those things, and what's even /more/ astounding, 
people actually /do/ so?!?  How... astoundingly... backward!!

I mean, honestly, I feel a bit like the characters in Star Trek, The 
Voyage Home, were supposed to have felt, picking up a mouse and trying to 
speak to the computer!  But what's the sickest is that people actually 
accept it as normal, knowing no better, or even WORSE, when they DO know 
better!!  If it was just quaint software it would be one thing, but 
people actually think this is acceptable behavior for a modern computer 
program!  Not even to mention the whole gotta call in and get permission 
to run it or it goes into some reduced functionality mode after a few 
days!

OTOH, I guess you must have agreed to the EULA and etc to install it in 
your virtual machine, too.  Doesn't that make you feel kinda... used... 
slimy... like you've just been raped or something?

Well, I guess I got rather on a rant, and yes I know not everyone shares 
my ideals, but honestly, now days I *DO* take offense, when a EULA comes 
up or something.  It's as if they think I'm subhuman or something.  Like 
as if I'd actually consider signing away my rights.  Like it's something 
they can even ASK me to do, in "polite" society.  To me, it really IS an 
insult!  They don't even think I respect myself and my own rights enough 
that they can actually even bring it up!  That's one thing I do NOT do 
now, EVER!  If I wanted a beautiful young woman to sleep with me, she'd 
be right to be insulted if I asked her if she'd sell herself for a buck.  
Well, these guys are asking me to sell myself for the "privilege" of 
running their software.  It's slimy, gross, and not only will I not do 
it, but I'm insulted they'd even consider it acceptable to ask!

Yes, I DO realize I'm not the /ordinary/ person.  And I'm proud of it, 
but regardless, there's no way in **** I'm cheap enough to sign away my 
rights just to run their stupid software!

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman