it seems that, when Thunar is started as daemon, part of the session, it's run before any umask is set. Then, when it creates files for folders, it creates them with 666 or 777 permissions which is a bit insecure.
When starting from the terminal, with a umask correctly set, it works pretty fine. It'd be nice to have a more secure default value.
Thanks for the work!
Hmhm, it's a bit more complicated.
The umask is sometimes correctly picked, sometimes not, depending on how it's started (Terminal, shortcut, xfrun4 etc.) and if it's started as a daemon.
But anyway the default permissions should be fixed to something saner (I'd advise 0700 and 0600 but if it's too paranoid, 0755 and 0644 might make sense)
So, when taking a look at the source code, this is what I found out:
Creating directories (_thunar_vfs_io_jobs_mkdir) calls umask(0)
which returns the current umask value and resets it to 0. The
problem is that we never set the umask back to its previous value
after this. So after creating the first directory, umask is broken.
Creating files (_thunar_vfs_io_jobs_create) is different. We pass
DEFFILEMODE to g_open() when creating a new file. This is weird as
this macro is BSD-specific (!) and usually set to 0666. We don't
respect umask at all here but for some reason files on Yves-Alexis'
machine still end up being created with 0644. This even works after
creating the first directory, so for some reason the issue above
doesn't apply to the creation of new files.
The first issue is easy to fix: use getumask() if available,
otherwise use something along these lines:
mode_t mask = umask(0);
/* we can now use the mask variable */
I'm not sure about how to proceed with DEFFILEMODE yet.
*** This bug has been marked as a duplicate of bug 3532 ***