[Python-apps-team] Bug#760494: turses: Creates ~/.turses/token world readable
Chris Chiappa
chris+debian at chiappa.net
Thu Sep 4 17:31:52 UTC 2014
Package: turses
Version: 0.2.20-1
Severity: important
Running turses for the first time, it helpfully creates ~/.turses. I
don't think I mind that directory being world-accessible, but when it
authenticates to twitter and gets its token, it creates the "token"
file world readable as well, which is probably bad. The "log" file
should potentially not be readable as well.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages turses depends on:
ii python 2.7.5-5
ii python-oauth2 1.5.211-2
ii python-pkg-resources 3.4.4-1
ii python-tweepy 2.3-1
ii python-urwid 1.2.1-2+b1
Versions of packages turses recommends:
ii turses-doc 0.2.20-1
turses suggests no packages.
-- no debconf information
More information about the Python-apps-team
mailing list