Hi,

When adding a bookmark, you need to give a name and a URL.
Both are already filled in with the current path of the location toolbar,
but the password is stripped from the bookmark name and URL.
It's possible to add the password again to the bookmark URL and save
the bookmark.
The password is then saved in clear text in
$/username/.kde/share/apps/krusader/krbookmarks.xml

Krusader-1.70.1 contains a fix so that this password is stripped out of the
bookmark URL, so that the password is not saved in cleartext in krbookmarks.xml.

When you use "Keep password", KWallet is used to store the password safely.
When you don't use KWallet, you need to enter the password again after
you have closed the Krusader session.

kind regards,

Frank Schoolmeesters
http://www.krusader.org

On 7/29/06, Alec Berryman <[EMAIL PROTECTED]> wrote:
Package: krusader
Version: 1.51-1
Followup-For: Bug #380063

I tested this with sarge's krusader and can't reproduce this exploit.
Although the file krbookmarks.xml is created group- and world-readable
(that can and should be easily fixed), the
directory it is in is not.  For the path
/home/alec/.kde/share/apps/krusader/krbookmarks.xml, none of .kde,
share, apps, or krusader is group- or world-readable (or
writable/executable).  The user would have to manually change the
permissions on those directories for this to be exploitable.

Additionally, I found it difficult to even save the password to the
bookmarks file.  When I typed in a URL with password into the right-hand
pane and pressed enter, the password was stripped out of the URL after
it was used.  I could not use the bookmark button to make a new bookmark
before the URL had been stripped; it would only allow me to bookmark the
current directory.  I could make Krusader write the password to the
bookmarks file, but only after manually editing it using the bookmark
manager to include the password.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-386
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages krusader depends on:
ii  kdelibs4           4:3.3.2-6.4           KDE core libraries
ii  libart-2.0-2       2.3.17-1              Library of functions for 2D graphi
ii  libaudio2          1.7-2                 The Network Audio System (NAS). (s
ii  libc6              2.3.2.ds1-22sarge3    GNU C Library: Shared libraries an
ii  libfam0c102        2.7.0-6sarge1         client library to control the FAM
ii  libfontconfig1     2.3.1-2               generic font configuration library
ii  libfreetype6       2.1.7-2.5             FreeType 2 font engine, shared lib
ii  libgcc1            1:3.4.3-13            GCC support library
ii  libice6            4.3.0.dfsg.1-14sarge1 Inter-Client Exchange library
ii  libidn11           0.5.13-1.0            GNU libidn library, implementation
ii  libjpeg62          6b-10                 The Independent JPEG Group's JPEG
ii  libpcre3           4.5-1.2sarge1         Perl 5 Compatible Regular Expressi
ii  libpng12-0         1.2.8rel-1            PNG library - runtime
ii  libqt3c102-mt      3:3.3.4-3             Qt GUI Library (Threaded runtime v
ii  libsm6             4.3.0.dfsg.1-14sarge1 X Window System Session Management
ii  libstdc++5         1:3.3.5-13            The GNU Standard C++ Library v3
ii  libx11-6           4.3.0.dfsg.1-14sarge1 X Window System protocol client li
ii  libxcursor1        1.1.3-1               X cursor management library
ii  libxext6           4.3.0.dfsg.1-14sarge1 X Window System miscellaneous exte
ii  libxft2            2.1.7-1               FreeType-based font drawing librar
ii  libxrandr2         4.3.0.dfsg.1-14sarge1 X Window System Resize, Rotate and
ii  libxrender1        0.8.3-7               X Rendering Extension client libra
ii  libxt6             4.3.0.dfsg.1-14sarge1 X Toolkit Intrinsics
ii  xlibs              4.3.0.dfsg.1-14sarge1 X Keyboard Extension (XKB) configu
ii  zlib1g             1:1.2.2-4.sarge.2     compression library - runtime

-- no debconf information
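As an added illustration of the two points raised in this thread (not Krusader's own code; the XML layout below is a made-up stand-in for the real krbookmarks.xml format): the password is dropped from a URL before it is persisted, the bookmark file is created owner-readable only, and an existing file can be checked for both problems.

```python
import os
import stat
from urllib.parse import urlsplit, urlunsplit
from xml.etree import ElementTree as ET


def strip_password(url: str) -> str:
    """Return url with any password removed from its userinfo.

    The username is kept so the bookmark stays usable; only the secret
    part is dropped before the URL is written anywhere.
    """
    parts = urlsplit(url)
    if parts.password is None:
        return url
    host = parts.hostname or ""
    if ":" in host:  # IPv6 literal: urlsplit strips the brackets, put them back
        host = f"[{host}]"
    netloc = f"{parts.username}@{host}" if parts.username else host
    if parts.port is not None:
        netloc += f":{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def save_bookmarks(path: str, bookmarks: dict) -> None:
    """Write {name: url} as XML (hypothetical layout), never storing a password."""
    root = ET.Element("bookmarks")
    for name, url in bookmarks.items():
        ET.SubElement(root, "bookmark", name=name, href=strip_password(url))
    # O_CREAT with 0600 so a fresh file is never group/world readable,
    # then chmod in case the file already existed with a looser mode.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(ET.tostring(root, encoding="unicode"))
    os.chmod(path, 0o600)


def check_bookmarks(path: str):
    """Audit an existing file: (group/world readable?, names of bookmarks with a password)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    exposed = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    leaked = [
        bm.get("name")
        for bm in ET.parse(path).getroot().iter("bookmark")
        if urlsplit(bm.get("href", "")).password is not None
    ]
    return exposed, leaked
```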
