Unsafe permissions on configuration directory
Bug #164187 reported by
mtvoid
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| checkgmail (Debian) |
Fix Released
|
Unknown
|
|||
| checkgmail (Ubuntu) |
Fix Released
|
Medium
|
Emmet Hikory | ||
Bug Description
Binary package hint: checkgmail
Checkgmail stores its configuration in the ~/.checkgmail directory. Since one has the option of saving the Gmail password, it would be a good idea to make this directory accessible only by its owner. The default permissions of the .checkgmail directory make the files within it world readable, allowing any user on the system to read another user's ~/.checkgmail/
The directory should therefore be created with saner permissions like 0700.
Revision history for this message
| mtvoid (mtvoid) wrote | #1 |
Revision history for this message
| Emmet Hikory (persia) wrote | #2 |
| Changed in checkgmail: | |
| importance: | Undecided → Medium |
| status: | New → Confirmed |
Revision history for this message
| Mb (mb-deactivatedaccount-deactivatedaccount-deactivatedaccount) wrote | #3 |
Revision history for this message
| Emmet Hikory (persia) wrote | #4 |
| Changed in checkgmail: | |
| assignee: | nobody → persia |
| status: | Confirmed → In Progress |
| status: | In Progress → Fix Committed |
Revision history for this message
| Mb (mb-deactivatedaccount-deactivatedaccount-deactivatedaccount) wrote | #5 |
| Changed in checkgmail: | |
| status: | Fix Committed → Fix Released |
| Changed in checkgmail: | |
| status: | Unknown → New |
| Changed in checkgmail: | |
| status: | New → Fix Released |
To post a comment you must log in.
Thanks for the patch. I've added the patch tag to attract the interest of packagers. I've unsubscribed ubuntu-