Your message dated Tue, 10 Nov 2009 02:08:28 -0500 with message-id <20091110070828.ga18...@gnu.kitenet.net> and subject line Re: Bug#555502: world-readable clipboard history file has caused the Debian Bug report #555502, regarding world-readable clipboard history file to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 555502: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555502 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: glipper Version: 1.0-1.1 Severity: serious Tags: security ~/.glipper/history contains potentially sensative information (whatever has been put in the clipboard lately) and yet is world-readable: j...@gnu:~/.glipper>ls -ld . history drwxr--r-- 3 joey joey 4096 Nov 9 20:53 ./ -rw-r--r-- 1 joey joey 2585 Nov 9 20:51 history This file absolutely needs to be mode 600. Workaround: Disable "Save history" in Preferences. (If it matters, my umask is 022.) -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.30-1-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages glipper depends on: ii gconf2 2.28.0-1 GNOME configuration database syste ii gnome-panel 2.28.0-1 launcher and docking facility for ii python 2.5.4-2 An interactive high-level object-o ii python-gnome2 2.28.0-1 Python bindings for the GNOME desk ii python-gnomeapplet 2.28.0-1 Python bindings for the GNOME pane ii python-gobject 2.20.0-1 Python bindings for the GObject li ii python-support 1.0.4 automated rebuilding support for P Versions of packages glipper recommends: ii python-crypto 2.0.1+dfsg1-4 cryptographic algorithms and proto ii yelp 2.28.0+webkit-1 Help browser for GNOME glipper suggests no packages. -- no debconf information -- see shy josignature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---Joey Hess wrote: > Package: glipper > Version: 1.0-1.1 > Severity: serious > Tags: security > > ~/.glipper/history contains potentially sensative information > (whatever has been put in the clipboard lately) and yet is > world-readable: > > j...@gnu:~/.glipper>ls -ld . history > drwxr--r-- 3 joey joey 4096 Nov 9 20:53 ./ Eh, I just noticed the missing x, so I guess it's ok after all. -- see shy josignature.asc
Description: Digital signature
--- End Message ---