On Sunday 29 November 2015 00:24:15 Boris Pek wrote:
> This should be enough I think:
> > drwxr-x--- 68 diederik diederik 12288 Nov 28 17:59 ../
>
> Try something like this:
> $ LC_ALL=C su another-user -c 'ls -alp /home/diederik/.config'
> Password:
> ls: cannot access /home/diederik/.config: Pe
>> This is a wrong assumption, just look at directory access permissions:
>>
>> $ LC_ALL=C ls -alp ~/.config/ | grep '\./'
>> drwx-- 96 user user 4096 Nov 28 23:44 ./
>> drwx-- 192 user user 12288 Nov 28 22:39 ../
>
> Mine are not the same:
>
> diederik@bagend:~$ LC_ALL=C ls -alp ~/.con
On Saturday 28 November 2015 23:57:38 Boris Pek wrote:
> This is a wrong assumption, just look at directory access permissions:
>
> $ LC_ALL=C ls -alp ~/.config/ | grep '\./'
> drwx-- 96 user user 4096 Nov 28 23:44 ./
> drwx-- 192 user user 12288 Nov 28 22:39 ../
Mine are not the same
Hi,
> As I was trying to setup CertFP I had a look at
> ~/.config/quassel-irc.org and noticed the following:
> -rw-r--r-- 1 diederik diederik 8101 nov 28 03:01 quasselclient.conf
>
> Looking into that file I could easily see my password and that combined
> with the security settings of that file d
Package: quassel-client
Version: 1:0.12.2-2
Severity: grave
Tags: security
Justification: user security hole
As I was trying to setup CertFP I had a look at
~/.config/quassel-irc.org and noticed the following:
-rw-r--r-- 1 diederik diederik 8101 nov 28 03:01 quasselclient.conf
Looking into that f