Closed Bug 179359 Opened 20 years ago Closed 20 years ago
insecure file permissions for passwords/mail files upon profile creation
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2b) Gecko/20021108 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2b) Gecko/20021108 Hi, I just used the build above to recreate my profile from scratch. After examinig the file permissions I found out that: - the passwords file is world-readable (ok, the key to decrypt it isn't, but..) - all my mail messages (pop & downloaded imap) were world-readable! I am not sure what the considerations are to not clear all group/world permissions for the whole .mozilla structure. The files above, should be protected anyway, of course.. Reproducible: Always Steps to Reproduce: 1. Create a profile. 2. Download some mail. Save your passwords with password manager. 3. Have some collegues with nasty ideas:-) Actual Results: (as if my default umask was used: incl. subdirs) drwxrwxr-x Mail drwxtwxr-x ImapMail -rw-rw-r-- 36943395.s Expected Results: drwx------ Mail drwx------ ImapMail -rw------- 36943395.s The workaround (just clear the permissions) is quite simple. It IS a critical bug, though.
This has been being ignored for a long time now... :(
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.