Ubuntu
gmail-notify package

password visible

Bug #38631 reported by Sergio Uribe on 2006-04-07

4

Affects		Status	Importance	Assigned to	Milestone
	gmail-notify (Ubuntu)	Fix Released	High	MOTU

Bug Description

the username and password of the gmail account is accesible in plain text at the user/.notifier.conf

See original description

Sergio Uribe (sergiouribe) on 2006-04-07

description:

updated

Revision history for this message

Dennis Kaarsemaker (dennis) wrote on 2006-04-08: Re: [Bug 38631] password visible

#1

Please post the output of:

ls -al ~/.notifier.conf

Revision history for this message

Sergio Uribe (sergiouribe) wrote on 2006-04-08: Re: [Bug 38631] Re: [Bug 38631] password visible

#2

-rw-r--r-- 1 sergio sergio 186 2006-02-28
14:49 /home/sergio/.notifier.conf

El sáb, 08-04-2006 a las 00:08 +0000, Dennis Kaarsemaker escribió:
> Please post the output of:
>
> ls -al ~/.notifier.conf
>

Revision history for this message

Dennis Kaarsemaker (dennis) wrote on 2006-04-08: Re: [Bug 38631] Re: [Bug 38631] Re: [Bug 38631] password visible

#3

Setting to major since this is a security issue

severity Major

Revision history for this message

Dennis Kaarsemaker (dennis) wrote on 2006-04-08:

#4

Fairy trivial patch:

--- gmail-notify-1.6.1/GmailConfig.py 2005-09-25 19:12:11.000000000 +0200
+++ gmail-notify-1.6.1.new/GmailConfig.py 2006-04-08 23:36:53.000000000 +0200
@@ -237,7 +237,10 @@
self.config.remove_option( "options", "gmailusername" )
self.config.remove_option( "options", "gmailpassword" )

- self.config.write( open( self.loadedConfig, 'w' ) )
+ fd = open( self.loadedConfig, 'w' )
+ os.chmod( self.loadedConfig, 0600)
+ self.config.write( fd )
+ fd.close()
                        gtk.main_quit()
                        self.hide()
                else:

Revision history for this message

Dennis Kaarsemaker (dennis) wrote on 2006-04-08:

#5

(ok, malone still sucks ;))

Dennis Kaarsemaker (dennis-merged) on 2006-04-08

Changed in gmail-notify:
assignee:	nobody → motu
status:	Unconfirmed → Confirmed

Revision history for this message

Dennis Kaarsemaker (dennis) wrote on 2006-04-08: Corected patch

#6

Corected patch Edit (602 bytes, text/plain)

This patch is better - but people who use tabs in python should be larted...

Revision history for this message

Chuck Short (zulcss) wrote on 2006-04-18:

#7

Added patch and uploaded. Thanks.

Changed in gmail-notify:
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Corected patch Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.