[Evolution] Bug#358507: saved passwords are world-readable

drew.parsons at ozemail.com.au drew.parsons at ozemail.com.au
Thu Mar 23 00:39:09 UTC 2006

Quoting Christian Surchi <csurchi at debian.org>:
> On Thu, 23/03/2006 at 10.18 +1100, Drew Parsons wrote:
>> The permissions of this file are -rw-r--r--. This means anyone on the same
>> machine can read your passwords, correct?
> In a directory not accessible by any other user?
> drwx------  2 christian christian   4096 2006-02-16 01:27 .gnome2_private

You're right, the directory is protected in this way.  If that is indeed
sufficient to protect the underlying file then I suppose this bug could be

Still makes me a bit nervous though. What if the directory permissions are
inadvertently changed, for whatever reason?  I'd feel more secure if evolution
applied the permissions mask when the password file is created to make it
explicitly non-world (if not group) readable.


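The message above suggests setting owner-only permissions on the password file itself at creation time, so it stays protected even if the parent directory's mode is later loosened. The following C sketch is an added example, not Evolution's code; the names `write_private_file`, `is_private` and `demo` and the scratch path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if no group/other permission bits are set, 0 if some are, -1 on error. */
int is_private(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Store a secret so the file is owner-only before any byte is written. */
int write_private_file(const char *path, const void *buf, size_t len)
{
    /* Mode 0600 at creation: the umask can only clear bits, never add them. */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW,
                  S_IRUSR | S_IWUSR);
    if (fd < 0) return -1;
    /* open() ignores the mode argument when the file already exists,
       so tighten an older, laxer file explicitly. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0 ||
        write(fd, buf, len) != (ssize_t)len) {
        close(fd);
        return -1;
    }
    return close(fd);
}

/* Create the file under a common umask, then loosen the directory. */
int demo(void)
{
    char dir[] = "/tmp/pwdemo.XXXXXX";   /* constructed scratch directory */
    char path[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/passwords", dir);
    umask(022);                          /* would otherwise yield -rw-r--r-- */
    int rc = write_private_file(path, "secret\n", 7);
    chmod(dir, 0755);                    /* directory protection lost */
    int priv = (rc == 0) ? is_private(path) : -1;
    unlink(path);
    rmdir(dir);
    return priv;                         /* 1: file is still owner-only */
}

int main(void) { printf("file private: %d\n", demo()); return 0; }
```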