Bug #1448
quassel-client: core connection password stored in plain ASCII in chmod 644 file
Description
Dear Maintainer,
the configuration of quassel client is stored in
~/.config/quassel-irc.org/quasselclient.conf
This file was created on my system as chmod 644. So it is world readable.
The configuration file is plain ASCII:
[CoreAccounts]
1\AccountId=1
1\AccountName=example
1\HostName=chat.example.com
1\Password=password
1\User=user
So the password can be picked up by anybody.
The configuration file should be created chmod 600.
The password should be stored in a wallet manager, e.g. KDEwallet.
Best regards
Heinrich Schuchardt
History
#1 Updated by phuzion over 3 years ago
- Status changed from New to Resolved
I'm going to mark this issue as resolved.
I've tested that quasselclient.conf files are created as 0600 using both the Fedora packaged version of the client and with a version I built myself off of git HEAD.
If there are any other distros that package Quassel Client and their quasselclient.conf files have different permissions, I suspect that would be a packaging problem.
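One way to repeat the permission check from the last comment against any distro's package, as an added example that is not part of the original thread or of Quassel's code. The function names are hypothetical and the sample config in `demo` is constructed from the one in the report.

```shell
#!/bin/sh
# Added example (not Quassel project code): audit the client config for the
# exposure described in this report. The function names are hypothetical.

CONF_DEFAULT="${HOME:-}/.config/quassel-irc.org/quasselclient.conf"  # path from the report

# True (0) when group or other hold any permission bit on the file.
conf_is_exposed() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ldL -- "$1" | cut -c5-10)" != "------" ]
}

# Print how many non-empty N\Password= entries sit under [CoreAccounts].
stored_passwords() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        /^\[/ { in_sec = ($0 == "[CoreAccounts]"); next }
        in_sec && /^[0-9]+\\Password=./ { n++ }
        END { print n + 0 }
    ' "$1"
}

# Return 0 = owner-only, 1 = exposed, 2 = file missing.
audit_conf() {
    f=${1:-$CONF_DEFAULT}
    [ -f "$f" ] || { echo "missing: $f"; return 2; }
    n=$(stored_passwords "$f")
    if conf_is_exposed "$f"; then
        echo "EXPOSED: $f readable beyond owner, $n stored password(s)"
        echo "fix: chmod 600 '$f' and change any password stored while exposed"
        return 1
    fi
    echo "ok: $f is owner-only, $n stored password(s)"
}

# Demo on a constructed copy of the report's config, created with mode 644.
demo() {
    d=$(mktemp -d) || return 2
    printf '[CoreAccounts]\n1\\AccountName=example\n1\\Password=password\n1\\User=user\n' > "$d/quasselclient.conf"
    chmod 644 "$d/quasselclient.conf"
    audit_conf "$d/quasselclient.conf"; rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

The check looks only at the file's own mode bits; ACLs and the permissions of the parent directories are not examined.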