[Python-apps-team] Bug#760494: turses: Creates ~/.turses/token world readable

Chris Chiappa chris+debian at chiappa.net
Thu Sep 4 17:31:52 UTC 2014

Package: turses
Version: 0.2.20-1
Severity: important

Running turses for the first time, it helpfully creates ~/.turses.  I
don't think I mind that directory being world-accessible, but when it
authenticates to twitter and gets its token, it creates the "token"
file world readable as well, which is probably bad.  The "log" file
should potentially not be readable as well.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages turses depends on:
ii  python                2.7.5-5
ii  python-oauth2         1.5.211-2
ii  python-pkg-resources  3.4.4-1
ii  python-tweepy         2.3-1
ii  python-urwid          1.2.1-2+b1

Versions of packages turses recommends:
ii  turses-doc  0.2.20-1

turses suggests no packages.

-- no debconf information

More information about the Python-apps-team mailing list