To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=62858 Issue #:|62858 Summary:|More secure permissions for the user directory by |default Component:|framework Version:|OOo 2.0.2 Platform:|All URL:| OS/Version:|Linux Status:|NEW Status whiteboard:| Keywords:| Resolution:| Issue type:|DEFECT Priority:|P3 Subcomponent:|code Assigned to:|tm Reported by:|pmladek
------- Additional comments from [EMAIL PROTECTED] Tue Mar 7 02:13:05 -0800 2006 ------- OOo creates the directory with user configuration with the access rights 0755 by default. It means that the user configuration is readable by anybody. I am not sure if the temporary versions of documents are stored in this directory as well. It would be a security hole, in fact. Anyway, from the security point of view, it would be better to create the user directory with permissions 0700 by default. I attach a patch that does it and works for me on Linux. Note 1: It won't help to improve the method Directory::create to accept the attribute parameter. It is because the aUserPath direcory is already created at this point. It is created earlier when OOo writes something below <aUserPath>/user/registry/cache. Note 2: I did the fix UNIX-specific because OOo does not provide the method setAttributes for the object Directory. I was not sure if File::setAttributes works on non-UNIX systems. --------------------------------------------------------------------- Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]