Bug #1505: Client configuration is world readable and contains password in plain text - Quassel IRC - Quassel IRC Issue Tracker

Bug #1505

Client configuration is world readable and contains password in plain text

Added by kitterma over 5 years ago. Updated almost 3 years ago.

Status:

Resolved

Priority:

High

Assignee:

Category:

Target version:

Start date:

12/11/2018

Due date:

% Done:

Estimated time:

Version:

0.13.0

OS:

Any

Description

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806500

As I was trying to setup CertFP I had a look at
~/.config/quassel-irc.org and noticed the following:
~~rw-r--r-~~ 1 diederik diederik 8101 nov 28 03:01 quasselclient.conf

Looking into that file I could easily see my password and that combined
with the security settings of that file did not make me happy.

History

#1 Updated by phuzion almost 3 years ago

Status changed from New to Resolved

Hi there.

I have just tested this on both Fedora 34, built from the latest source code on Github, and on Debian 10 using the packaged Quassel Client, and both are placing ~/.config/quassel-irc.org/quasselclient.conf with permissions of 0600.

I believe that it is safe to close this bug. Thanks for the report.

Also available in: Atom PDF

Project

General

Profile

Quassel IRC

Issues

Bug #1505

Client configuration is world readable and contains password in plain text

History

#1 Updated by phuzion almost 3 years ago