[Pkg-kde-extras] Bug#806500: quassel-client: Client configuration is world readable and contains password in plain text

Boris Pek tehnick-8 at yandex.ru
Sat Nov 28 21:24:15 UTC 2015


>>  This is a wrong assumption, just look at directory access permissions:
>>
>>  $ LC_ALL=C ls -alp ~/.config/ | grep '\./'
>>  drwx------ 96 user user 4096 Nov 28 23:44 ./
>>  drwx------ 192 user user 12288 Nov 28 22:39 ../
>
> Mine are not the same:
>
> diederik at bagend:~$ LC_ALL=C ls -alp ~/.config/ | grep '\./'
> drwxr-xr-x 45 diederik diederik 4096 Nov 28 19:29 ./
> drwxr-x--- 68 diederik diederik 12288 Nov 28 17:59 ../
> diederik at bagend:~$ ls -ld ~/.config/
> drwxr-xr-x 45 diederik diederik 4096 nov 28 19:29 /home/diederik/.config/
> diederik at bagend:~$ ls -ld ~/.config/quassel-irc.org/
> drwxr-xr-x 2 diederik diederik 4096 nov 28 11:10 /home/diederik/.config/quassel-irc.org/

This should be enough I think:
> drwxr-x--- 68 diederik diederik 12288 Nov 28 17:59 ../

Try something like this:
$ LC_ALL=C su another-user -c 'ls -alp /home/diederik/.config'
Password: 
ls: cannot access /home/diederik/.config: Permission denied

Best wishes,
Boris



More information about the pkg-kde-extras mailing list