[Secure-testing-team] Bug#659379: uzbl: world-readable (and writable!) cookie jar
Jakub Wilk
jwilk at debian.org
Fri Feb 10 16:09:13 UTC 2012
Package: uzbl
Version: 0.0.0~git.20100403-3
Severity: grave
Tags: security
Justification: user security hole
$ ls -ld ~/.local/{,share/{,uzbl/{,cookies.txt}}}
drwxr-xr-x 3 user users 4096 Feb 9 23:29 /home/user/.local/
drwxr-xr-x 4 user users 4096 Feb 9 23:29 /home/user/.local/share/
drwxr-xr-x 2 user users 4096 Feb 9 23:29 /home/user/.local/share/uzbl/
-rw-rw-rw- 1 user users 732 Feb 9 23:29 /home/user/.local/share/uzbl/cookies.txt
This allows local users to steal cookies (and tamper with them).
--
Jakub Wilk
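
The listing above shows the whole directory chain because other users can only reach cookies.txt if every parent directory is searchable by them. The following is an added example, not part of the original report and not uzbl code: it checks that chain plus the file's own mode bits, and shows one way to create such a file privately. The names exposure, create_private and demo, and the temporary directory standing in for ~/.local, are assumptions made for illustration.

```python
import os
import shutil
import stat
import tempfile

def exposure(path, top="/"):
    """Return which of {'read', 'write'} users other than the owner/group get on path.

    They need search (x) permission on every directory from `top` down to the
    file, plus the matching bit on the file itself.
    """
    path, top = os.path.abspath(path), os.path.abspath(top)
    d = os.path.dirname(path)
    while True:
        if not os.stat(d).st_mode & stat.S_IXOTH:
            return set()          # one closed directory shields everything below it
        if d == top or d == os.path.dirname(d):
            break
        d = os.path.dirname(d)
    mode = os.stat(path).st_mode
    return {name for name, bit in (("read", stat.S_IROTH), ("write", stat.S_IWOTH))
            if mode & bit}

def create_private(path):
    """Create path with mode 0600 from the start; umask can only clear bits."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)

def demo():
    top = tempfile.mkdtemp()      # constructed stand-in for ~/.local
    try:
        jar_dir = os.path.join(top, "share", "uzbl")
        os.makedirs(jar_dir)
        for d in (top, os.path.dirname(jar_dir), jar_dir):
            os.chmod(d, 0o755)    # directory modes from the listing
        jar = os.path.join(jar_dir, "cookies.txt")
        open(jar, "w").close()
        os.chmod(jar, 0o666)      # file mode from the listing
        reported = exposure(jar, top)
        os.chmod(jar_dir, 0o700)  # closing the directory alone hides the file
        closed_dir = exposure(jar, top)
        os.chmod(jar_dir, 0o755)
        os.remove(jar)
        os.close(create_private(jar))
        private = exposure(jar, top)
        return reported, closed_dir, private
    finally:
        shutil.rmtree(top)

if __name__ == "__main__":
    print(demo())
```

Only the classic mode bits are examined; POSIX ACLs are not taken into account.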