Project

General

Profile

Bug #1505

Client configuration is world readable and contains password in plain text

Added by kitterma about 6 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
-
Target version:
-
Start date:
12/11/2018
Due date:
% Done:

0%

Estimated time:
Version:
0.13.0
OS:
Any

Description

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806500

As I was trying to setup CertFP I had a look at
~/.config/quassel-irc.org and noticed the following:
rw-r--r- 1 diederik diederik 8101 nov 28 03:01 quasselclient.conf

Looking into that file I could easily see my password and that combined
with the security settings of that file did not make me happy.

History

#1 Updated by phuzion over 3 years ago

  • Status changed from New to Resolved

Hi there.

I have just tested this on both Fedora 34, built from the latest source code on Github, and on Debian 10 using the packaged Quassel Client, and both are placing ~/.config/quassel-irc.org/quasselclient.conf with permissions of 0600.

I believe that it is safe to close this bug. Thanks for the report.

Also available in: Atom PDF