Bug#649384: gnash creates world-readable cookies under /tmp

Gabriele Giacone 1o5g4r8o at gmail.com
Sun Nov 20 23:56:29 UTC 2011

[CCing gnash-dev ml to be contradicted]

On 11/21/2011 12:12 AM, Francesco Poli wrote:
> On Sun, 20 Nov 2011 21:49:08 +0100 Alexander Kurtz wrote:
>> On Sun, 2011-11-20 at 21:43 +0100, Francesco Poli wrote:
>>> And did gnash stop creating cookies in /tmp after that configuration
>>> change?
>> Nope.
>>> Also, does it refrain from creating cookies in your
>>> ~/.gnash/SharedObjects directory?
>> Yes. It still created some subdirectories, but no actual cookies.
> So, it seems that so-called Flash shared objects and gnash-cookies (the
> ones created by Gnash in /tmp) are different things.

22:19 < gg0> what's the difference between /tmp/gnash-cookies* and stuff 
under ~/.gnash/SharedObjects?
22:20 < strk> SharedObjects are flash-specific "cookies" while 
/tmp/gnash-cookies* are common HTTP ones

> The former may be disabled via the gnash GUI, as you did, or,
> equivalently, by editing (user-specific or system-wide) configuration
> files, as I did.
> What about the latter?
> We still have to figure out whether they can be disabled...

IIRC they contain essential info to make yt working. So we can't move 
them under SOLSafeDir because if you set it to /dev/null or make it 
read-only, it'll break yt.
I'd move them under ~/.gnash [0], although I don't know what could 
remove them at the end without introducing new rc options.

Any developers alive?

[0] http://paste.debian.net/plain/146441

More information about the pkg-flash-devel mailing list