[Pkg-kde-extras] Bug#884652: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file
Heinrich Schuchardt
xypron.glpk at gmx.de
Mon Dec 18 17:04:19 UTC 2017
On 12/18/2017 05:32 PM, Diederik de Haas wrote:
> On maandag 18 december 2017 06:21:44 CET Heinrich Schuchardt wrote:
>> the configuration of quassel client is stored in
>> ~/.config/quassel-irc.org/quasselclient.conf
>> This file was created on my system as chmod 644. So it is world readable.
>
> That's also what I thought, but it's not as bad as one would think.
> See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806500 for details
>
Not encoding the password means that any user application can fetch it
and send it to the internet even if ~/.config is chmod 700.
Can anything be worse?
Best regards
Henrich
More information about the pkg-kde-extras
mailing list