23778 – Passwords are world-readable

Bug 23778 - Passwords are world-readable

Summary: Passwords are world-readable

Status:	RESOLVED FIXED

Alias:	None

Product:	Telepathy
Classification:	Unclassified
Component:	mission-control (show other bugs)
Version:	unspecified
Hardware:	Other All

Importance:	highest blocker
Assignee:	Simon McVittie
QA Contact:	Telepathy bugs list

URL:	http://git.collabora.co.uk/?p=user/sm...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2009-09-07 08:33 UTC by Vincent Untz
Modified:	2009-09-07 10:23 UTC (History)
CC List:	0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Vincent Untz 2009-09-07 08:33:05 UTC

~/.mission-control/accounts/accounts.cfg is readable by everyone (and the directories are rx for everybody).

This means everybody can read your passwords.

Comment 1 Simon McVittie 2009-09-07 08:36:32 UTC

Fixing that now.

Comment 2 Simon McVittie 2009-09-07 09:26:26 UTC

Workaround: `chmod 0700 ~/.mission-control` and/or `chmod 0700 ~/.mission-control/accounts`, or run MC with umask 077.

Current MC will lose the correct permissions of accounts.cfg every time it writes that file (and reset them to 0644), but chmod'ing the directories should work fine.

Comment 3 Simon McVittie 2009-09-07 10:23:58 UTC

review+ from wjt, fixed in git, and in 5.2.2 shortly.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.