[Zeitgeist] [Bug 926652] Re: security/privacy hole in zeitgeist
** Changed in: zeitgeist (Ubuntu)
   Status: Confirmed => Fix Released

--
You received this bug notification because you are a member of Zeitgeist Framework Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/926652

Title: security/privacy hole in zeitgeist

Status in Zeitgeist Framework: Fix Released
Status in “zeitgeist” package in Ubuntu: Fix Released

Bug description:
  zeitgeist data files don't seem to use the write permissions by default:

  user@machine:~/.local/share/zeitgeist$ ls -l
  total 7244
  -rw-r--r-- 1 user user 3776512 2012-02-03 23:47 activity.sqlite
  -rw-rw-r-- 1 user user 1996800 2011-10-17 03:09 activity.sqlite.bck
  -rw-r--r-- 1 user user 1623848 2012-02-03 23:47 activity.sqlite-journal

  so that any user on the same machine (or with network access to the home drive), including the guest user, will be able to read the highly sensitive private information of everybody else and use it to blackmail the users, or whatever nasty things one could do with private information.

  this could be fixed by having the right permissions or even better by making all the privacy-killing features of ubuntu opt in...

To manage notifications about this bug go to:
https://bugs.launchpad.net/zeitgeist/+bug/926652/+subscriptions

___
Mailing list: https://launchpad.net/~zeitgeist
Post to     : zeitgeist@lists.launchpad.net
Unsubscribe : https://launchpad.net/~zeitgeist
More help   : https://help.launchpad.net/ListHelp
[Zeitgeist] [Bug 926652] Re: security/privacy hole in zeitgeist
** Changed in: zeitgeist
   Status: Fix Committed => Fix Released

Status in Zeitgeist Framework: Fix Released
Status in “zeitgeist” package in Ubuntu: Confirmed
[Zeitgeist] [Bug 926652] Re: security/privacy hole in zeitgeist
** Changed in: zeitgeist
   Importance: Undecided => Low

** Changed in: zeitgeist
   Status: New => Fix Committed

** Changed in: zeitgeist
   Milestone: None => 0.9.0

Status in Zeitgeist Framework: Fix Committed
Status in “zeitgeist” package in Ubuntu: Confirmed
[Zeitgeist] [Bug 926652] Re: security/privacy hole in zeitgeist
** Branch linked: lp:zeitgeist

Status in Zeitgeist Framework: Fix Committed
Status in “zeitgeist” package in Ubuntu: Confirmed
[Zeitgeist] [Bug 926652] Re: security/privacy hole in zeitgeist
Whoops, the directory should be 0700, not 0600.

Status in Zeitgeist Framework: New
Status in “zeitgeist” package in Ubuntu: Confirmed
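Added example, not part of the thread or of Zeitgeist's own code: a shell audit and fix for the permissions discussed above, run on a constructed copy of the listing from the bug description. The 0755 directory mode and the function names are assumptions, and GNU find and stat are assumed. It also checks the owner search bit, which is what a 0600 directory lacks and a 0700 directory has.

```shell
#!/bin/sh
# Added example: audit and tighten a per-user data directory.
# Everything runs in a temp dir; no real ~/.local/share is touched.

# Build a constructed copy of the listing from the bug description.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/zeitgeist"
    chmod 0755 "$d/zeitgeist"   # assumed: the report does not show the directory mode
    for f in activity.sqlite activity.sqlite.bck activity.sqlite-journal; do
        : > "$d/zeitgeist/$f"
    done
    chmod 0644 "$d/zeitgeist/activity.sqlite" "$d/zeitgeist/activity.sqlite-journal"
    chmod 0664 "$d/zeitgeist/activity.sqlite.bck"
    printf '%s\n' "$d/zeitgeist"
}

# List "<mode> <path>" for every entry under $1 (including $1 itself)
# that grants any permission bit to group or other.
audit_exposed() {
    find "$1" -perm /077 -exec stat -c '%a %n' {} +
}

# Owner-only access: 0700 on directories, 0600 on regular files.
# find does not follow symlinks here, so links are left untouched.
harden() {
    find "$1" -type d -exec chmod 0700 {} +
    find "$1" -type f -exec chmod 0600 {} +
}

# True if the owner has the search (x) bit on directory $1.
# Without it the owner cannot open files inside, which is why
# 0600 on the directory itself does not work and 0700 does.
owner_can_search() {
    [ $(( 0$(stat -c %a "$1") & 0100 )) -ne 0 ]
}

demo=$(make_sample)
audit_exposed "$demo"    # reports the directory and the three data files
harden "$demo"
audit_exposed "$demo"    # reports nothing once hardened
rm -rf "$(dirname "$demo")"
```
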
[Zeitgeist] [Bug 926652] Re: security/privacy hole in zeitgeist
** Changed in: zeitgeist
   Assignee: (unassigned) => Siegfried Gevatter (rainct)

Status in Zeitgeist Framework: New
Status in “zeitgeist” package in Ubuntu: Confirmed
[Zeitgeist] [Bug 926652] Re: security/privacy hole in zeitgeist
Actually, it doesn't appear to be doing it, at least for me on Precise. The whole ~/.local/share/zeitgeist directory should probably be 0600.

** Also affects: zeitgeist
   Importance: Undecided
   Status: New

** Changed in: zeitgeist (Ubuntu)
   Status: New => Confirmed

** Changed in: zeitgeist (Ubuntu)
   Importance: Undecided => Medium

Status in Zeitgeist Framework: New
Status in “zeitgeist” package in Ubuntu: Confirmed