[Telepathy] SECURITY: telepathy-mission-control 5.x local password disclosure
Simon McVittie
simon.mcvittie at collabora.co.uk
Mon Sep 7 09:38:06 PDT 2009
We've discovered that under normal circumstances, telepathy-mission-control 5.x
leaves accounts.cfg (which includes passwords etc.) world-readable. This will
be fixed in point release 5.2.2, later today.
As a workaround, MC 5.x users should make their Mission Control account
storage directory unreadable by others:
mkdir -p ~/.mission-control/accounts
chmod 0700 ~/.mission-control
chmod 0700 ~/.mission-control/accounts
Due to details of the MC implementation, using chmod on accounts.cfg is not
a sufficient workaround (it will get bad permissions again as soon as MC needs
to alter accounts.cfg). chmod the directories instead.
Regards,
Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 155 bytes
Desc: Digital signature
Url : http://lists.freedesktop.org/archives/telepathy/attachments/20090907/783af341/attachment.pgp
More information about the telepathy
mailing list