Bug#555502: marked as done (world-readable clipboard history file)

[Debian Bug Tracking System]

Your message dated Tue, 10 Nov 2009 02:08:28 -0500
with message-id <20091110070828.ga18...@gnu.kitenet.net>
and subject line Re: Bug#555502: world-readable clipboard history file
has caused the Debian Bug report #555502,
regarding world-readable clipboard history file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
555502: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555502
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: glipper
Version: 1.0-1.1
Severity: serious
Tags: security

~/.glipper/history contains potentially sensative information
(whatever has been put in the clipboard lately) and yet is
world-readable:

j...@gnu:~/.glipper>ls -ld . history
drwxr--r-- 3 joey joey 4096 Nov  9 20:53 ./
-rw-r--r-- 1 joey joey 2585 Nov  9 20:51 history

This file absolutely needs to be mode 600.

Workaround: Disable "Save history" in Preferences.


(If it matters, my umask is 022.)

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages glipper depends on:
ii  gconf2                        2.28.0-1   GNOME configuration database syste
ii  gnome-panel                   2.28.0-1   launcher and docking facility for 
ii  python                        2.5.4-2    An interactive high-level object-o
ii  python-gnome2                 2.28.0-1   Python bindings for the GNOME desk
ii  python-gnomeapplet            2.28.0-1   Python bindings for the GNOME pane
ii  python-gobject                2.20.0-1   Python bindings for the GObject li
ii  python-support                1.0.4      automated rebuilding support for P

Versions of packages glipper recommends:
ii  python-crypto            2.0.1+dfsg1-4   cryptographic algorithms and proto
ii  yelp                     2.28.0+webkit-1 Help browser for GNOME

glipper suggests no packages.

-- no debconf information

-- 
see shy jo

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

Joey Hess wrote:
> Package: glipper
> Version: 1.0-1.1
> Severity: serious
> Tags: security
> 
> ~/.glipper/history contains potentially sensative information
> (whatever has been put in the clipboard lately) and yet is
> world-readable:
> 
> j...@gnu:~/.glipper>ls -ld . history
> drwxr--r-- 3 joey joey 4096 Nov  9 20:53 ./

Eh, I just noticed the missing x, so I guess it's ok after all.

-- 
see shy jo

signature.asc
Description: Digital signature

--- End Message ---