[OTR-dev] pidgin-otr: mode 600 instead of 644

Caspar Clemens Mierau damokles at ubuntu.com
Tue Jun 17 08:17:14 EDT 2008


Hi,

after reading

https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/156204

I checked the .purple/otr.* files created by pidgin-otr. They have a
mode 644 which is at least for otr.private_key a security issue and
breaks the design of .purple which actually makes files 0600.

I wrote a small six line patch and successfully applied and tested it.
Would you please check it and consider applying it to your upstream
code?

Patch is attached.

Best,

Caspar Clemens Mierau


-- 
Caspar Clemens Mierau
 Dipl.-Kult. (Medien)
 official "Ubuntu member"
 ubuntu Deutschland e.V.
 Ubuntu Berlin
 c-base e.V.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pidgin-otr-umask.diff
Type: text/x-diff
Size: 1038 bytes
Desc: not available
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20080617/ed497782/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20080617/ed497782/attachment.pgp>


More information about the OTR-dev mailing list