[dcc2] MultiFile Transfer Headers

[justin at dynam.ac]

Quoting codemstr at ptdprolog.net:

>
> > File permissions are a bit tricky, since each platform can specify them in
> > a different manner.  Any suggestions?
>
> I think the best suggestion is to ditch this idea. The reason is, it is much
> MUCH more complex than simply adding a UNIX style bitmask. For example,
> Solaris2 supports ACLs. So should we transmit the ACL? That could be huge.
> Windows NT also has an ACL type thing. And some systems have more than the
> simple rwx system. Windows, for example, has the binary/text flag. Windows
> also has the archive flag, the system file flag, and even the OS protected
> file flag. Should they be sent? Some OSes allow you to treat an "append"
> different than a "write." And even on many UNIX based OSes. You have the S
> flag (setuid, setgid, sticky). Plus, as someone else mentioned, you have
> security issues/potential user confusion. "I just downloaded this file, how
> come it won't let me write to it???" (+r) "It's .sh, why won't my system let
> me execute it???" (-x) etc. Personally, I think the user should have control
> over what the permissions are for file on his/her own system, not the sender.
>

I agree with Codemastr. This sounds like useless bloat. I don't know of any
other p2p file protocol that handles permissions, why should DCC2 do it?

Additionally, if its not done right, I think it could lead to security issues.
(mark a file executable, call it bash, or whatever, and send to a unix user. If
they are ignorant (and lets admit, there are lots of "newbie" linux users out
there) it could be easier to backdoor. Sure, some social engineering is
required, but still, I mean, whats the benifit of specifing permissions? none
that I can really see.

- Justin