[Evolution] Bug#358507: saved passwords are world-readable

drew.parsons at ozemail.com.au drew.parsons at ozemail.com.au
Thu Mar 23 00:39:09 UTC 2006


Quoting Christian Surchi <csurchi at debian.org>:
> On Thu, 23/03/2006 at 10.18 +1100, Drew Parsons wrote:
>> The permissions of this file are -rw-r--r--. This means anyone on the same
>> machine can read your passwords, correct?
>
> In a directory not accessible by any other user?
>
> drwx------  2 christian christian   4096 2006-02-16 01:27 .gnome2_private
>

You're right, the directory is protected in this way.  If that is indeed
sufficient to protect the underlying file then I suppose this bug could be
closed.

Still makes me a bit nervous though. What if the directory permissions are
inadvertently changed, for whatever reason?  I'd feel more secure if evolution
applied the permissions mask when the password file is created to make it
explicitly non-world (if not group) readable.

Drew
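
An added example (not part of the original message, and not Evolution's own code) of the approach suggested above: give the password file mode 0600 explicitly instead of relying on the 0700 parent directory. The helper names, the /tmp path and the secret are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits that group/other hold on path, or -1 on error. */
int exposed_bits(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & (S_IRWXG | S_IRWXO)) : -1;
}

/* Hypothetical helper: store data as 0600 whatever the umask or the old mode was. */
int write_private_file(const char *path, const char *data)
{
    size_t len = strlen(data);
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, S_IRUSR | S_IWUSR);
    if (fd < 0) return -1;                 /* O_NOFOLLOW: refuse a symlinked path */
    /* open()'s mode applies only on creation: tighten and empty an existing file first. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0 || ftruncate(fd, 0) != 0) {
        close(fd); return -1;
    }
    while (len > 0) {
        ssize_t n = write(fd, data, len);
        if (n <= 0) { close(fd); return -1; }
        data += n; len -= (size_t)n;
    }
    return close(fd);
}

/* Constructed scenario: 0700 directory, file absent or already 0644 as in the report.
   Returns the file's group/other bits after the write, or -1 on error. */
int demo(int preexisting_0644)
{
    char dir[] = "/tmp/pwdemo-XXXXXX", path[64];
    int fd, bits;
    umask(022);                            /* typical default umask */
    if (mkdtemp(dir) == NULL) return -1;   /* mkdtemp creates the directory 0700 */
    snprintf(path, sizeof path, "%s/passwords", dir);
    if (preexisting_0644 && (fd = open(path, O_WRONLY | O_CREAT, 0644)) >= 0) close(fd);
    bits = write_private_file(path, "constructed-secret\n") == 0 ? exposed_bits(path) : -1;
    unlink(path); rmdir(dir);
    return bits;
}

int main(void) { printf("new=%03o existing=%03o\n", (unsigned)demo(0), (unsigned)demo(1)); return 0; }
```

With the file itself at 0600, a later change to the directory's permissions no longer exposes the stored passwords.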



More information about the Pkg-evolution-maintainers mailing list