[Pkg-kde-extras] Bug#884652: Bug#806500: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file

Diederik de Haas didi.debian at cknow.org
Mon Dec 18 21:17:51 UTC 2017


On Monday 18 December 2017 21:08:46 CET Felix Geyer wrote:
> Well, that's the unfortunate state of security on the Linux desktop (and
> other major desktop OSes). Largely there is no privilege separation between
> applications.
> They all run in the same context so they can't really keep secrets from each
> other.

That is true.
Even though the file is protected by the security of ~/.config, I see no 
reason why the file itself isn't 600 or 660.

But the real problem is that the password is stored in plaintext and I find 
that inexcusable.