On 12/18/2017 05:32 PM, Diederik de Haas wrote:
On maandag 18 december 2017 06:21:44 CET Heinrich Schuchardt wrote:
the configuration of quassel client is stored in
This file was created on my system as chmod 644. So it is world readable.

That's also what I thought, but it's not as bad as one would think.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806500 for details

Not encoding the password means that any user application can fetch it and send it to the internet even if ~/.config is chmod 700.

Can anything be worse?

Best regards


pkg-kde-extras mailing list

Reply via email to