Unsafe permissions on configuration directory
Bug #164187 reported by
mtvoid
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
checkgmail (Debian) |
Fix Released
|
Unknown
|
|||
checkgmail (Ubuntu) |
Fix Released
|
Medium
|
Emmet Hikory |
Bug Description
Binary package hint: checkgmail
Checkgmail stores its configuration in the ~/.checkgmail directory. Since one has the option of saving the Gmail password, it would be a good idea to make this directory accessible only by its owner. The default permissions of the .checkgmail directory make the files within it world readable, allowing any user on the system to read another user's ~/.checkgmail/
The directory should therefore be created with saner permissions like 0700.
Changed in checkgmail: | |
status: | Unknown → New |
Changed in checkgmail: | |
status: | New → Fix Released |
To post a comment you must log in.
Thanks for the patch. I've added the patch tag to attract the interest of packagers. I've unsubscribed ubuntu- universe- sponsors, as this patch does not represent a request for a new candidate upload (patch is not a debdiff). Please resubscribe if a debdiff is later created to address this bug.