Shura,

This partially answers my question. The real problem is that Eclipse creates the password file with 644 permissions and the directories with 755 permissions. In my opinion this is too permissive. It should create the file with 600 or 400 and the directories with 700. Let's discuss this with the rest of the committee in 10 minutes.

Thanks,

John

On Tue, 2008-11-11 at 09:20, Alexandre (Shura) Iline wrote:
> John, thanks for the explanation.
>
> All dirs Eclipse creates in and including ~/.eclipse have 755 permissions.
> Password file is 644.
>
> If I change the permissions to 700 and 600, it is still able to work.
>
> Does it answer your question?
>
> Shura.
>
> On Tuesday 11 November 2008 20:00:37 John Fischer wrote:
> > Shura,
> >
> > Typically these types of directories have permissions of
> > drwx------. Sometimes these directories will have permissions
> > of drwxr-xr-x. Here are a couple of examples from my home
> > directory:
> >
> > drwxr-xr-x 2 johnf staff 512 Mar 16 2005 .desktop/
> > drwxr-xr-x 2 johnf staff 512 May 22 2003 .dist/
> > drwxr-xr-x 15 johnf staff 512 Oct 8 09:20 .dt/
> >
> > Now if there is sensitive data stored within the directories
> > that have the group and other permissions with the read bit
> > set we need to ensure that the password file still has some
> > level of protection. Typically these files are only owner
> > readable (-rw------- (0600) or -r-------- (0400)). There are
> > several programs on Solaris that when they notice that the
> > permissions are not 0600 or 0400 will exit or not use the
> > file. Does Eclipse provide this level of protection for
> > the password file it stores in the home directory?
> >
> > Thanks,
> >
> > John
> >
> > On Tue, 2008-11-11 at 00:31, Alexandre (Shura) Iline wrote:
> > > On Monday 10 November 2008 19:13:31 John Fischer wrote:
> > > > Shura,
> > > >
> > > > What are the permissions of the directories and
> > > > file secure_storage? Assuming that the directories
> > > > and file permissions are supposed to be readable and
> > > > writable by the owner only what happens if the
> > > > permissions are otherwise?
> > >
> > > I did not check this scenario. This is an unlikely one, though.
> > >
> > > Normally, ~/.* directories and files are configuration files for some
> > > systems or programs, such as .bashrc, for instance.
> > >
> > > Is there a case when such files are not writeable?
> > >
> > > Shura.
> > >
> > > > Thanks,
> > > >
> > > > John
> > > >
> > > > On Mon, 2008-11-10 at 05:56, Alexandre (Shura) Iline wrote:
> > > > > Hi.
> > > > >
> > > > > Eclipse simply stores encrypted passwords into a file.
> > > > >
> > > > > The file is
> > > > > ~/.eclipse/org.eclipse.equinox.security/secure_storage file.
> > > > >
> > > > > No security issue here as far as I can see.
> > > > >
> > > > > Shura.
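
The permission check and tightening discussed in this thread, as an added example that is not part of the original messages and is not Eclipse code: it flags entries under `~/.eclipse` that grant group or other access, applies the 700/600 caps proposed above, and mimics the refuse-unless-0600-or-0400 behaviour described for Solaris programs. The function names, the ownership test and the temporary directory tree are assumptions made for illustration.

```python
# Added example; the modes (0700 dirs, 0600/0400 file) are the ones proposed in the thread.
import os
import stat
import tempfile


def audit(root):
    """Return (path, mode) for each dir/file under root that grants group or other access."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not what protects the data
            mode = stat.S_IMODE(st.st_mode)
            if mode & 0o077:
                findings.append((path, mode))
    return findings


def safe_to_use(path):
    """The refusal check described in the thread: only 0600 or 0400 is accepted.
    The regular-file and ownership tests are additions of this example."""
    st = os.lstat(path)
    return (stat.S_ISREG(st.st_mode) and st.st_uid == os.geteuid()
            and stat.S_IMODE(st.st_mode) in (0o600, 0o400))


def harden(root):
    """Cap directories at 0700 and files at 0600 for every entry audit() flags."""
    for path, mode in audit(root):
        os.chmod(path, mode & (0o700 if os.path.isdir(path) else 0o600))


def demo():
    """Run the checks on a constructed copy of the layout named in the thread."""
    with tempfile.TemporaryDirectory() as home:
        root = os.path.join(home, ".eclipse")
        sec = os.path.join(root, "org.eclipse.equinox.security")
        os.makedirs(sec)
        store = os.path.join(sec, "secure_storage")
        with open(store, "w") as fh:
            fh.write("constructed placeholder\n")
        for path, mode in ((root, 0o755), (sec, 0o755), (store, 0o644)):
            os.chmod(path, mode)
        before = sorted(oct(m) for _p, m in audit(root))
        was_usable = safe_to_use(store)
        harden(root)
        return before, was_usable, audit(root), safe_to_use(store)
```
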
