Bug #858
Bad filesystem permissions of config.xml and history.
| Status: | New | Start: | ||
| Priority: | Normal | Due date: | ||
| Assigned to: | Kevin Smith | % Done: | 0% |
|
| Category: | Backend/Core | |||
| Target version: | 0.14 | |||
| Operating System: | Linux |
Reported in: | 0.11 |
|
Description
Psi stores sensitive files (chat history, config.xml with passwords) with inappropopriate permissions:
rw-r-r-- 1 vi vi 17704 2008-06-28 15:08 /home/vi/.psi/profiles/default/config.xml
xchat or licq stores them with rw------, which I should is correct.
I think permission bits should be set explicitly when storing such files to disallow access from group and others.
History
Updated by VItaly _Vi Shukela 625 days ago
- File psi-chmod.diff added
I've created a patch for this.
It changes permissions for directory history, history files and all configuration files to rw------- (rwx------ for directories), ignoring umask.
Updated by Justin Karneges 207 days ago
- Target version set to 0.14
Updated by Justin Karneges 172 days ago
The .psi directory itself has rwx------ permissions. Does it really matter if the files contained do not?