Client configuration is world readable and contains password in plain text
As I was trying to setup CertFP I had a look at
~/.config/quassel-irc.org and noticed the following:
rw-r--r- 1 diederik diederik 8101 nov 28 03:01 quasselclient.conf
Looking into that file I could easily see my password and that combined
with the security settings of that file did not make me happy.
#1 Updated by phuzion over 2 years ago
- Status changed from New to Resolved
I have just tested this on both Fedora 34, built from the latest source code on Github, and on Debian 10 using the packaged Quassel Client, and both are placing ~/.config/quassel-irc.org/quasselclient.conf with permissions of 0600.
I believe that it is safe to close this bug. Thanks for the report.