[OTR-dev] pidgin-otr: mode 600 instead of 644
Caspar Clemens Mierau
damokles at ubuntu.com
Tue Jun 17 08:17:14 EDT 2008
Hi,
after reading
https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/156204
I checked the .purple/otr.* files created by pidgin-otr. They have a
mode 644 which is at least for otr.private_key a security issue and
breaks the design of .purple which actually makes files 0600.
I wrote a small six line patch and successfully applied and tested it.
Would you please check it and consider applying it to your upstream
code?
Patch is attached.
Best,
Caspar Clemens Mierau
--
Caspar Clemens Mierau
Dipl.-Kult. (Medien)
official "Ubuntu member"
ubuntu Deutschland e.V.
Ubuntu Berlin
c-base e.V.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pidgin-otr-umask.diff
Type: text/x-diff
Size: 1038 bytes
Desc: not available
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20080617/ed497782/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20080617/ed497782/attachment.pgp>
More information about the OTR-dev
mailing list