Actually, it doesn't appear to be doing it, at least for me on Precise.

The whole ~/.local/share/zeitgeist directory should probably be 0600.

** Also affects: zeitgeist
   Importance: Undecided
       Status: New

** Changed in: zeitgeist (Ubuntu)
       Status: New => Confirmed

** Changed in: zeitgeist (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Zeitgeist
Framework Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/926652

Title:
  security/privacy hole in zeitgeist

Status in Zeitgeist Framework:
  New
Status in “zeitgeist” package in Ubuntu:
  Confirmed

Bug description:
  zeitgeist data files don't seem to use the write permissions by
  default:

  user@machine:~/.local/share/zeitgeist$ ls -l
  total 7244
  -rw-r--r-- 1 user user 3776512 2012-02-03 23:47 activity.sqlite
  -rw-rw-r-- 1 user user 1996800 2011-10-17 03:09 activity.sqlite.bck
  -rw-r--r-- 1 user user 1623848 2012-02-03 23:47 activity.sqlite-journal

  so that any user on the same machine (or with network access to the
  home drive), including the guest user, will be able to read the highly
  sensitive private information of everybody else and use it to
  blackmail the users, or whatever nasty things one could do with
  private information.

  this could be fixed by having the right permissions or even better by
  making all the privacy-killing features of ubuntu opt in...

To manage notifications about this bug go to:
https://bugs.launchpad.net/zeitgeist/+bug/926652/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~zeitgeist
Post to     : zeitgeist@lists.launchpad.net
Unsubscribe : https://launchpad.net/~zeitgeist
More help   : https://help.launchpad.net/ListHelp

Reply via email to