[PATCH/SECURITY] Fix unsafe permissions for config-private



Hi all,

the $HOME/.balsa/config-private file is saved with default permissions which may leave it (and the obfuscated 
passwords within it) group or world readable.  This should be regarded as a security hazard.

The attached simple patch ensures that the permissions are 0600 after saving it.

Cheers,
Albrecht.

Attachment: config-private-perms.diff
Description: Text Data

Attachment: pgpF5BeF3_O5l.pgp
Description: PGP signature



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]