[Pkg-kde-extras] Bug#806500: quassel-client: Client configuration is world readable and contains password in plain text
Boris Pek
tehnick-8 at yandex.ru
Sat Nov 28 21:24:15 UTC 2015
>> This is a wrong assumption, just look at directory access permissions:
>>
>> $ LC_ALL=C ls -alp ~/.config/ | grep '\./'
>> drwx------ 96 user user 4096 Nov 28 23:44 ./
>> drwx------ 192 user user 12288 Nov 28 22:39 ../
>
> Mine are not the same:
>
> diederik at bagend:~$ LC_ALL=C ls -alp ~/.config/ | grep '\./'
> drwxr-xr-x 45 diederik diederik 4096 Nov 28 19:29 ./
> drwxr-x--- 68 diederik diederik 12288 Nov 28 17:59 ../
> diederik at bagend:~$ ls -ld ~/.config/
> drwxr-xr-x 45 diederik diederik 4096 nov 28 19:29 /home/diederik/.config/
> diederik at bagend:~$ ls -ld ~/.config/quassel-irc.org/
> drwxr-xr-x 2 diederik diederik 4096 nov 28 11:10 /home/diederik/.config/quassel-irc.org/
This should be enough I think:
> drwxr-x--- 68 diederik diederik 12288 Nov 28 17:59 ../
Try something like this:
$ LC_ALL=C su another-user -c 'ls -alp /home/diederik/.config'
Password:
ls: cannot access /home/diederik/.config: Permission denied
Best wishes,
Boris
More information about the pkg-kde-extras
mailing list