[Pan-users] Save attachment file permissions

[Paul Crawford]

I just tried saving a suspect file of the avi.exe sort to see how it 
behaved under LINUX using Pan 0.132 and I found it used '755' permission 
settings thus rendering it (theoretically, at least) executable.

OK, I know this is a Windows virus file, but it seems very bad practice 
as no doubt someone could post a shell script of malicious program for 
LINUX as well.

Should it not default to '644' under *all* cases, and at least force the 
user to use chmod if they REALLY do want to execute some downloaded 
attachment?

Thinking here of my non-tech family who now enjoy the relative lack of 
software threats by "embracing the penguin"...