Menu

#2092 [GR] Insecure permissions - user/password world readable

Gallery Remote
closed-fixed
Pierre-Luc Paour
None
5
2007-08-08
2007-06-16
Niklas Edmundsson
No

Gallery Remote 1.5b32 on Ubuntu Feisty.

I noticed that Gallery Remote creates the user preferences file ($HOME/.GalleryRemote/GalleryRemote.properties) with default permissions. Since the default umask on most Unix systems is 022, this means that the file is world readable, and since the file can contain user/password to remote sites this is bad on a multiple user system.

I suggest that both the .GalleryRemote directory and the GalleryRemote.properties file is created with viewable-by-owner permission only.

Discussion

  • Brian Egge

    Brian Egge - 2007-07-21

    Logged In: YES
    user_id=785481
    Originator: NO

    Submitting a patch which does a chmod -R go-rwx. Here's my permissions after running the patched version.

    $ ls -altrd ~/.GalleryRemote/GalleryRemote.properties
    -rw------- 1 brianegg brianegg 0 Jul 21 14:26 /Users/brianegge/.GalleryRemote/GalleryRemote.properties
    $ ls -altrd ~/.GalleryRemote
    drwx------ 3 brianegg brianegg 102 Jul 21 14:26 /Users/brianegge/.GalleryRemote

     

  • Pierre-Luc Paour

    Pierre-Luc Paour - 2007-08-08

    Logged In: YES
    user_id=113246
    Originator: NO

    Implemented in GR 1.5.1-b33.

     

  • Pierre-Luc Paour

    Pierre-Luc Paour - 2007-08-08
    • status: open --> closed-fixed
     

Log in to post a comment.