[Pkg-kde-extras] Bug#884652: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file
On 12/18/2017 05:32 PM, Diederik de Haas wrote: On maandag 18 december 2017 06:21:44 CET Heinrich Schuchardt wrote: the configuration of quassel client is stored in ~/.config/quassel-irc.org/quasselclient.conf This file was created on my system as chmod 644. So it is world readable. That's also what I thought, but it's not as bad as one would think. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806500 for details Not encoding the password means that any user application can fetch it and send it to the internet even if ~/.config is chmod 700. Can anything be worse? Best regards Henrich ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#884652: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file
On maandag 18 december 2017 06:21:44 CET Heinrich Schuchardt wrote: > the configuration of quassel client is stored in > ~/.config/quassel-irc.org/quasselclient.conf > This file was created on my system as chmod 644. So it is world readable. That's also what I thought, but it's not as bad as one would think. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806500 for details signature.asc Description: This is a digitally signed message part. ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras