[Pkg-kde-extras] Bug#806500: quassel-client: Client configuration is world readable and contains password in plain text
Boris Pek
tehnick-8 at yandex.ru
Sat Nov 28 20:57:38 UTC 2015
Hi,
> As I was trying to setup CertFP I had a look at
> ~/.config/quassel-irc.org and noticed the following:
> -rw-r--r-- 1 diederik diederik 8101 nov 28 03:01 quasselclient.conf
>
> Looking into that file I could easily see my password and that combined
> with the security settings of that file did not make me happy.
This is a wrong assumption, just look at directory access permissions:
$ LC_ALL=C ls -alp ~/.config/ | grep '\./'
drwx------ 96 user user 4096 Nov 28 23:44 ./
drwx------ 192 user user 12288 Nov 28 22:39 ../
Best wishes,
Boris
More information about the pkg-kde-extras
mailing list