Whoops, the directory should be 0700, not 0600.
You received this bug notification because you are a member of Zeitgeist
Framework Team, which is subscribed to the bug report.
security/privacy hole in zeitgeist
Status in Zeitgeist Framework:
Status in “zeitgeist” package in Ubuntu:
zeitgeist data files don't seem to use the write permissions by
user@machine:~/.local/share/zeitgeist$ ls -l
-rw-r--r-- 1 user user 3776512 2012-02-03 23:47 activity.sqlite
-rw-rw-r-- 1 user user 1996800 2011-10-17 03:09 activity.sqlite.bck
-rw-r--r-- 1 user user 1623848 2012-02-03 23:47 activity.sqlite-journal
so that any user on the same machine (or with network access to the
home drive), including the guest user, will be able to read the highly
sensitive private information of everybody else and use it to
blackmail the users, or whatever nasty things one could do with
this could be fixed by having the right permissions or even better by
making all the privacy-killing features of ubuntu opt in...
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~zeitgeist
Post to : email@example.com
Unsubscribe : https://launchpad.net/~zeitgeist
More help : https://help.launchpad.net/ListHelp